Google has released Beta channel 127.0.6533.17 for Windows, Mac and Linux, Chrome Beta 127 (127.0.6533.16) for iOS, and Chrome Beta 127 (127.0.6533.15) for Android.
Uncontrolled Search Path Element vulnerability has been discovered in Yokogawa's Equipment- CENTUM that allow an attacker to execute arbitrary programs. The mitigations are available.
CVE ID: CVE-2024-5650 (High)
Multiple vulnerabilities have been discovered in Westermo's Equipment- L210-F2G Lynx that can crash the device being accessed or can allow remote code execution. The affected version is Westermo L210-F2G Lynx: 4.21.0. The mitigations are available.
CVE ID: CVE-2024-37183 (Medium), CVE-2024-35246 (High), CVE-2024-32943 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 126.0.2592.68) to resolve multiple vulnerabilities.
CVE ID: CVE-2024-38082 (Medium), CVE-2024-38093 (Medium)
Path Traversal vulnerability has been discovered in CAREL's Equipment- Boss-Mini that allow an attacker to manipulate an argument path, which can lead to information disclosure. The affected version is CAREL Boss-Mini: version 1.4.0 (Build 6221). The mitigations are available.
CVE ID: CVE-2023-3643 (Critical)
Authentication bypass vulnerability has been discovered in Lifeline Donation plugin for WordPress. The affected versions are Lifeline Donation plugin for WordPress versions up to, and including, 1.2.6.
CVE ID: CVE-2024-5432 (Critical)
Google has released Chrome 126 (126.0.6478.110) for Android, Dev channel OS version 127.0.6533.11 (Platform version 15917.8.0) for most ChromeOS devices, Stable channel has been updated to 126.0.6478.114/115 for Windows, Mac and 126.0.6478.114 for Linux, and Stable channel OS version: 15853.67.0 Browser version: 125.0.6422.197 for most ChromeOS devices.
CVE ID: CVE-2024-6100 (High), CVE-2024-6101 (High), CVE-2024-6102 (High), CVE-2024-6103 (High)
A prompt injection vulnerability has been discovered in EmailGPT service. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit this vulnerability by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.Â
CVE ID: CVE-2024-5184 (Critical)
Improper access controls vulnerability has been discovered in Totolink. The affected version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
It has been discovered that certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
CVE ID: CVE-2024-6047 (Critical)
An arbitrary firmware upload vulnerability has been discovered in ASUS routers. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
CVE ID: CVE-2024-3912 (Critical)
Remote File Inclusion vulnerability has been discovered in Canto plugin for WordPress. The affected versions are Remote File Inclusion in all versions up to, and including, 3.0.8.
CVE ID: CVE-2024-4936 (Critical)
A SQL injection vulnerability has been discovered in the Dokan Pro plugin for WordPress. The affected versions are the Dokan Pro plugin for WordPress all versions up to, and including, 3.10.3.
CVE ID: CVE-2024-3922 (Critical)
A missing authorization vulnerability has been discovered in SoftLab Upload Fields for WPForms. The affected versions are SoftLab Upload Fields for WPForms from n/a through 1.0.2.
CVE ID: CVE-2024-35661 (Critical)
A missing authorization vulnerability has been discovered in WPDeveloper EmbedPress. The affected versions are EmbedPress from n/a through 3.9.8.
CVE ID: CVE-2024-31284 (Critical)
Cisco has released security updates to address multiple vulnerabilities in Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance.
CVE ID: CVE-2024-20256 (Medium), CVE-2024-20257 (Medium), CVE-2024-20258 (Medium), CVE-2024-20383 (Medium), CVE-2024-20392 (Medium)
Google has released Chrome Beta 127 127.0.6533.5 for Windows, Mac & Linux, Dev channel OS version 127.0.6533.0 Platform version 15917.2.0 for most ChromeOS devices, Chrome Beta 127 127.0.6533.2 for Android, Chrome Beta 127 127.0.6533.3 for iOS and Beta channel OS version 15886.29.0 Browser version 126.0.6478.48 for most ChromeOS devices.
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple critical, high, and medium vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-30299 (Critical), CVE-2024-30300 (Critical), CVE-2024-34108 (Critical), CVE-2024-34102 (Critical)
A SQL injection vulnerability has been discovered in Intrado's Equipment- 911 Emergency Gateway (EGW) that allows to execute malicious code, exfiltrate data, or manipulate the database. All versions of 911 Emergency Gateway (EGW) are affected.
CVE ID: CVE-2024-1839 (Critical)
Fortinet has released security updates to address several vulnerabilities in FortiOS. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-26010 (Medium), CVE-2024-23111 (Medium), CVE-2024-23110 (High), CVE-2023-46720 (Medium), CVE-2024-21754 (Low)
An always incorrect control flow implementation vulnerability has been discovered in Rockwell Automation's Equipment- ControlLogix, GuardLogix & CompactLogix. The mitigation is available.
CVE ID: CVE-2024-5659 (High)
A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment - PI Web API that allows to perform Remote Code Execution (RCE). The affected versions are AVEVA PI Web API versions 2023 and prior. The mitigations are available.
CVE ID: CVE-2024-3468 (High)
A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment - PI Asset Framework Client that allows to perform malicious code execution. The affected versions are PI Asset Framework Client: 2023 and PI Asset Framework Client: 2018 SP3 P04 and prior. The mitigations are available.
CVE ID: CVE-2024-3467 (High)
An improper authorization in the handler for custom URL scheme and stack-based buffer overflow vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer. The affected versions are DICOM Viewer prior to 2024.2. The mitigations are available.
CVE ID: CVE-2024-33606 (High), CVE-2024-28877 (High)
A potential Denial of Service (DoS) vulnerability have been discovered in XenServer and Citrix Hypervisor. Citrix has released security update to address this vulnerability. The affected versions are XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR.
CVE ID: CVE-2024-5661 (Medium)
Apple has released security updates to resolve multiple vulnerabilities in VisionOS 1.2. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-27817, CVE-2024-27831, CVE-2024-27832, CVE-2024-27801, CVE-2024-27836, CVE-2024-27828, CVE-2024-27840, CVE-2024-27815, CVE-2024-27811, CVE-2024-27800, CVE-2024-27802, CVE-2024-27857, CVE-2024-27844, CVE-2024-27838, CVE-2024-27808, CVE-2024-27812, CVE-2024-27850, CVE-2024-27833, CVE-2024-27851, CVE-2024-27830, CVE-2024-27820
A file upload vulnerability has been discovered in Pichome that allows to execute arbitrary code via crafted POST request. The affected version is Pichome v.1.1.01.
CVE ID: CVE-2024-24393 (Critical)
A directory traversal vulnerability has been discovered in the Startklar Elementor Addons plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for WordPress, all versions up to, and including, 1.7.15.
CVE ID: CVE-2024-5153 (Critical)
CISCO has released security updates to resolve multiple vulnerabilities in Cisco Finesse Web-Based Management Interface that allow to perform a stored Cross Site Scripting (XSS) attack by exploiting a Remote File Inclusion (RFI) vulnerability or performing a Server Side Request Forgery (SSRF) attack on an affected system.
CVE ID: CVE-2024-20404 (Medium), CVE-2024-20405 (Medium)
Google has released Beta channel OS version 15886.24.0, Browser version 126.0.6478.33 for most ChromeOS devices, Stable channel 126.0.6478.36 for Windows & Mac, Beta channel 126.0.6478.36 for Windows, Mac & Linux, Chrome Beta 126 (126.0.6478.34) for iOS, Chrome Stable 126 (126.0.6478.35) for iOS and Chrome Beta 126 (126.0.6478.40) for Android.
Drupal has released security updates to address access bypass and Denial of Service (DoS) vulnerabilities in Acquia DAM, a third-party library used in it. The affected versions are Acquia DAM prior to 1.0.13 and Acquia DAM 1.1.0 below Acquia DAM 1.1.0-beta3.
A SQL injection vulnerability has been discovered in LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress. The affected versions are LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress, all versions up to, and including, 7.6.2.
CVE ID: CVE-2024-4743 (Critical)
An improper privilege management vulnerability has been discovered in DeluxeThemes Userpro that allows privilege escalation. The affected versions are DeluxeThemes Userpro from n/a through 5.1.8.
CVE ID: CVE-2024-35700 (Critical)
A Denial of Service (DoS) vulnerability due to OpenSSL vulnerability has been discovered in Mitsubishi Electric's Equipment- CC-Link IE TSN Industrial Managed Switch. The affected versions are CC-Link IE TSN Industrial Managed Switch ”05” and prior. Security Updates are available.
CVE ID: CVE-2023-2650 (Low)
A Cross Site Scripting (XSS) vulnerability has been discovered in Uniview's Equipment- NVR301-04S2-P4. The affected versions are Uniview NVR301-04S2-P4 prior to NVR-B3801.20.17.240507. The mitigation is available.
CVE ID: CVE-2024-3850 (Medium)
Multiple vulnerabilities have been discovered in Fuji Electric's Equipment- Monitouch V-SFT that can allow an attacker to execute arbitrary code. The affected versions are Monitouch V-SFT versions prior to 6.2.3.0. The mitigation is available.
CVE ID: CVE-2024-5271 (High), CVE-2024-34171 (High), CVE-2024-5597 (High)
Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake has issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access.
An authentication bypass vulnerability has been discovered in Social Login Lite For WooCommerce plugin for WordPress. The affected versions are Social Login Lite For WooCommerce plugin for WordPress versions up to, and including, 1.6.0.
CVE ID: CVE-2024-4552 (Critical)
An authentication bypass vulnerability has been discovered in XPodas Octopod. The affected version is Octopod before v1.
CVE ID: CVE-2024-1202 (Critical)
A SQL injection vulnerability has been discovered in Kashipara Billing Software. The affected version is Kashipara Billing Software 1.0.
CVE ID: CVE-2024-0496 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 125.0.2535.85) to resolve a vulnerability.
CVE ID: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499
Authentication bypass vulnerability has been discovered in the Login with phone number plugin for WordPress. The affected versions are Login with phone number plugin for WordPress versions up to, and including, 1.7.26.
CVE ID: CVE-2024-5150 (Critical)
It has been discovered FTP uses unsecure encryption mechanism in the B&R Automation Runtime version prior to I4.93 that may allow Man in the Middle (MITM) attacks or to decrypt communications between the affected products and other parties. Security update is available.
CVE ID: CVE-2024-0323 (Critical)
Authentication bypass vulnerability has been discovered in Pie Register - Social Sites Login (Add on) plugin for WordPress. The affected versions are Pie Register - Social Sites Login (Add on) plugin for WordPress versions up to, and including, 1.7.7.
CVE ID: CVE-2024-4544 (Critical)
Authentication bypass vulnerability has been discovered in Hash Form – Drag & Drop Form Builder plugin for WordPress. The affected versions are Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.1.0.
CVE ID: CVE-2024-5084 (Critical)
Google has released Chrome 125 (125.0.6422.112/.113) for Android, Extended Stable 124.0.6367.233 for Windows and Mac, Stable channel 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux, and LTS channel version 120.0.6099.312 (Platform Version: 15662.109.0) for most ChromeOS devices.
CVE ID: CVE-2024-5274 (High), CVE-2024-4761 (High), CVE-2024-4947 (High)
SQL Injection vulnerability has been discovered in Country State City Dropdown CF7 plugin for WordPress. The affected versions are Country State City Dropdown CF7 plugin for WordPress versions up to, and including, 2.7.2.
CVE ID: CVE-2024-3495 (Critical)
GitLab has released updated versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4835 (High), CVE-2024-2874 (Medium), CVE-2023-7045 (Medium), CVE-2023-6502 (Medium), CVE-2024-1947 (Medium), CVE-2024-4367
A time-based SQL Injection vulnerability has been discovered in Business Directory Plugin – Easy Listing Directories for WordPress plugin. The affected versions are Business Directory Plugin – Easy Listing Directories for WordPress plugin, all versions up to, and including, 6.4.2.
CVE ID: CVE-2024-4443 (Critical)
A time-based SQL Injection vulnerability has been discovered in Business Directory Plugin- Easy Listing Directories for WordPress plugin. The affected versions are Business Directory Plugin- Easy Listing Directories for WordPress plugin, all versions up to, and including, 6.4.2.
CVE ID: CVE-2024-4443 (Critical)
An authentication bypass vulnerability has been discovered in Build App Online plugin for WordPress. The affected versions are Build App Online plugin for WordPress versions up to, and including, 1.0.21.
CVE ID: CVE-2024-3658 (Critical)
Google has released Stable channel 124.0.6367.225 Platform version 15823.60.0 for most ChromeOS devices, Chrome Dev 127 (127.0.6483.0) for Android and Dev channel 127.0.6485.0 for Windows, Mac & Linux.
An improper input validation vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk View SE that allows to inject a malicious SQL statement into the SQL database, resulting in exposing sensitive information. The affected versions are FactoryTalk View SE versions prior to 14.0. The mitigations are available.
CVE ID: CVE-2024-4609 (High)
Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.109) and Extended Stable channel (Version 124.0.2478.109) to resolve vulnerabilities.
CVE ID: CVE-2024-4947, CVE-2024-30056 (High)
An infinite loops vulnerability has been discovered in Wireshark MONGO and ZigBee TLV dissector. The affected versions are Wireshark 4.2.0 to 4.2.4, Wireshark 4.0.0 to 4.0.14, and Wireshark 3.6.0 to 3.6.22. The mitigations are available.
A SQL injection vulnerability has been discovered in DigiWin EasyFlow .NET that allows unauthorized access to read, modify, and delete database records, as well as execute system commands.
CVE ID: CVE-2024-4893 (Critical)
Drupal has released a security update to resolve an access bypass vulnerability in RESTful Web Services, a third-party library used in it. The affected version is RESTful Web Services module for Drupal 7.
Google has released Dev channel 126.0.6475.0 Platform version: 15886.0.0 for most ChromeOS devices, Chrome 125 125.0.6422.53 for Android, Extended Stable channel 124.0.6367.221 for Windows &Mac, Chrome Beta 125 125.0.6422.53 for Android and Chrome 125 stable channel 125.0.6422.60 for Linux &125.0.6422.60/.61 for Windows &Mac to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4947 (High), CVE-2024-4948 (High), CVE-2024-4949 (Medium), CVE-2024-4950 (Low)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.11. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-4367 (High), CVE-2024-4767 (Medium), CVE-2024-4768 (Medium), CVE-2024-4769 (Medium), CVE-2024-4770 (Medium), CVE-2024-4777 (Medium)
Microsoft has released updated Microsoft Edge Stable Channel and Extended Stable Channels Version 124.0.2478.105 to resolve a vulnerability.
CVE ID: CVE-2024-4761
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Cybersecurity and Infrastructure Security Agency (CISA), in partnership with other organizations, has released cybersecurity guidance to protect High Risk Community (HRC) entities such as civil society organizations and individuals. Additionally, the guide encourages software manufacturers to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable people and HRC.
A Remote Code Execution (RCE) vulnerability has been discovered in Rockwell Automation's Equipment- Factory Talk Remote Access. The affected versions are FactoryTalk Remote Access v13.5.0.174 and prior. The mitigations are available.
CVE ID: CVE-2024-3640 (Medium)
A vulnerability has been discovered in Subnet Solutions Inc.'s Equipment- PowerSYSTEM Center that allows privilege escalation, Denial of Service (DoS) or arbitrary code execution. The affected versions are PowerSYSTEM Center Update 19 and prior. The mitigations are available.
CVE ID: CVE-2024-28042 (High)
An insertion of sensitive information into a log file vulnerability has been discovered in Johnson Controls' Equipment- Software House C?CURE 9000 that allows, to access credentials used for access to the application. The affected version is Software House C?CURE 9000: v3.00.2. The mitigations are available.
CVE ID: CVE-2024-0912 (High)
Fortinet has released security updates to address vulnerabilities in FortiOS. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-46714 (Medium), CVE-2023-44247 (Medium), CVE-2023-36640 (Medium), CVE-2023-45583 (Medium), CVE-2024-26007 (Medium), CVE-2023-45586 (Medium)
Google has released Stable channel 124.0.6367.219 (Platform version: 15823.58.0) for most ChromeOS devices, Dev channel 126.0.6468.2 for Windows, Mac &Linux.
Google has released Chrome 124 (124.0.6367.179) for Android, LTS channel version 120.0.6099.310 (Platform Version: 15662.107.0) for most ChromeOS devices, Stable channel 124.0.6367.207/.208 for Mac, Windows and 124.0.6367.207 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4761 (High), CVE-2024-4331 (High), CVE-2024-0409 (High), CVE-2023-25584 (High), CVE-2024-24806 (High), CVE-2024-21626 (High)
It has been discovered that Black Basta ransomware affiliates use common initial access techniques such as phishing &exploiting known vulnerabilities and then employ a double-extortion model, both encrypting systems and exfiltrating data. Ransomware affiliates use tools such as BITSAdmin &PsExec, along with Remote Desktop Protocol (RDP), for lateral movement.
Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.97) and Extended Stable channel (Version 124.0.2478.97) to resolve vulnerabilities.
CVE ID: CVE-2024-30055 (Medium), CVE-2024-4671
Cybersecurity Infrastructure Security Agency (CISA) has released secure by design alert to choose secure and verifiable technologies impacting Critical Infrastructure Sectors.
Google has released Stable channel 124.0.6367.154 Platform version: 15823.51.0 for most ChromeOS devices, Chrome Dev 126 126.0.6465.0 for Android and Stable channel 124.0.6367.201/.202 for Mac &Windows &124.0.6367.201 for Linux to resolve use after free vulnerability.
CVE ID: CVE-2024-4671 (High)
Use of default credentials vulnerability has been discovered in Alpitronic's Equipment- Hypercharger EV charger that can result in an attacker disabling the device, bypassing payment, or accessing payment data. All versions of Hypercharger EV charger are affected. The mitigation is available.
CVE ID: CVE-2024-4622 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- FactoryTalk Historian SE that can cause a Denial of Service (DoS) condition. The affected versions are FactoryTalk Historian SE versions v9.0 and prior. The mitigations are available.
CVE ID: CVE-2023-31274 (High), CVE-2023-34348 (High)
A deserialization of untrusted data vulnerability has been discovered in Delta Electronics' Equipment- InfraSuite Device Master that allows Remote Code Execution (RCE). The affected versions are InfraSuite Device Master versions 1.0.10 and prior. The mitigations are available.
CVE ID: CVE-2023-46604 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Heateor Social Login WordPress plugin. The affected products are Heateor Social Login WordPress versions prior to 1.1.32.
CVE ID: CVE-2024-32674 (Medium)
Apple has released security update to address an arbitrary code execution vulnerability in iTunes 12.13.2 for Windows. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-27793
Google has released Chrome Beta 125 125.0.6422.32 for iOS, Dev channel 126.0.6455.0 Platform version: 15879.0.0 for most ChromeOS devices, Chrome 125 125.0.6422.34 for Android, Stable channel 125.0.6422.41 for Windows &Mac, Beta channel 125.0.6422.41 for Windows, Mac &Linux, Chrome Stable 125 125.0.6422.33 for iOS and Chrome Beta 125 125.0.6422.34 for Android.
Authentication bypass vulnerability has been discovered in Social Connect plugin for WordPress. The affected versions are Social Connect plugin for WordPress versions up to, and including, 1.2.
CVE ID: CVE-2024-4393 (Critical)
Arbitrary file deletion vulnerability has been discovered in Startklar Elementor Addons plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for WordPress versions up to, and including, 1.7.13.
CVE ID: CVE-2024-4346 (Critical)
Authentication bypass vulnerability has been discovered in Build App Online plugin for WordPress. The affected versions are Build App Online plugin for WordPress for WordPress versions up to, and including, 3.0.5.
CVE ID: CVE-2024-4186 (Critical)
Reliance on Insufficiently Trustworthy Component vulnerability has been discovered in Subnet Solutions Inc.'s Equipment- Substation Server. The affected versions are Substation Server 2.23.10 and prior. The mitigations are available.
CVE ID: CVE-2024-26024 (High)
Cross-site Scripting vulnerability has been discovered in PTC's Equipment- Codebeamer that allows an attacker to inject malicious code in the application. The affected versions are Codebeamer: version 22.10 SP9 and prior, Codebeamer: version 2.0.0.3 and prior, and Codebeamer: version 2.1.0.0. The mitigations are available.
CVE ID: CVE-2024-3951 (High)
Google has released Chrome 124 (124.0.6367.159) for Android, Stable channel 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux
CVE ID: CVE-2024-4558 (High), CVE-2024-4559 (High)
Moxa has released a security update to address a Store Cross Site Scripting (XSS) vulnerability in NPort 5100A Series. The affected versions are NPort 5100A Series prior to version 1.6.
CVE ID: CVE-2024-3576 (High)
Multiple vulnerabilities have been discovered in CyberPower's Equipment- PowerPanel. The affected versions are PowerPanel 4.9.0 and prior. The mitigations are available.
CVE ID: CVE-2024-34025 (Critical), CVE-2024-33615 (High), CVE-2024-32053 (Critical), CVE-2024-32047 (Critical), CVE-2024-32042 (Medium), CVE-2024-31856 (High), CVE-2024-31410 (Medium), CVE-2024-31409 (Medium)
Multiple vulnerabilities have been discovered in Delta Electronics' equipment- DIAEnergie. The affected version is DIAEnergie v1.10.00.005. The mitigations are available.
CVE ID: CVE-2024-34031 (High), CVE-2024-34032 (High), CVE-2024-34033 (High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2024-34144 (High), CVE-2024-34145 (High), CVE-2024-34146 (Medium), CVE-2024-34147 (Low), CVE-2024-34148 (Medium)
Google has released Chrome Beta 125 125.0.6422.26 for Android, Beta channel 125.0.6422.26 for Windows, Mac &Linux, Chrome Beta 125 125.0.6422.21 for iOS and Chrome Stable 124 124.0.6367.111 for iOS.
SonicWall has released security updates to address multiple vulnerabilities in SonicWall GMS (Virtual Appliance, Windows). The affected versions are GMS (Virtual Appliance, Windows) - 9.3.4 and earlier versions.
CVE ID: CVE-2024-29010 (High), CVE-2024-29011 (High)
CISCO has released security updates for IP Phone 6800, 7800, and 8800 series to resolve multiplatform firmware vulnerabilities that can cause a Denial of Service (DoS) condition, gain unauthorized access, or allow to view sensitive information on an affected system.
CVE ID: CVE-2024-20357, CVE-2024-20376, CVE-2024-20378
It has been observed that hacktivists target and compromise small-scale Operational Technology (OT) systems and the Internet exposed Industrial Control Systems (ICS) operations through their software components, such as Human Machine Interfaces (HMIs), by exploiting Virtual Network Computing (VNC) remote access software and default passwords for malicious activities.
Google has released Chrome 124 (124.0.6367.113) for Android, Beta channel OS version: 15853.16.0 Browser version: 125.0.6422.19 for most ChromeOS devices and Stable channel 124.0.6367.118/.119 for Windows &Mac &124.0.6367.118 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4331 (High), CVE-2024-4368 (High)
Google has released Beta channel ChromeOS version 15823.40.0 with Chrome Browser version 124.0.6367.95 for most ChromeOS devices and Long Term Support (LTS) Channel to 120.0.6099.309, Platform Version: 15662.105.0 for most ChromeOS devices to resolve critical vulnerability.
CVE ID: CVE-2024-4058 (Critical)
CISCO has released security updates to address ArcaneDoor exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20353 (High), CVE-2024-20358 (Medium), CVE-2024-20359 (High)
Google has released Chrome Beta 125 (125.0.6422.14) for iOS, Chrome Beta 125 (125.0.6422.14) for Android, Beta channel to 125.0.6422.14 for Windows, Mac &Linux, Dev channel to OS version: 15853.9.0 Browser version: 125.0.6422.10 for most ChromeOS devices, Chrome 124 (124.0.6367.82) for Android and Stable channel 124.0.6367.78/.79 for Windows &Mac &124.0.6367.78 to Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4058 (Critical), CVE-2024-4059 (High), CVE-2024-4060 (High)
CISCO has released security updates to address command injection vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC).
CVE ID: CVE-2024-20356 (High)
CISCO has released security updates to resolve a command injection vulnerability in the Command Line Interface (CLI) of the Cisco Integrated Management Controller (IMC).
CVE ID: CVE-2024-20295 (High)
A vulnerability has been discovered in the password reset feature of Ai3 QbiBot due to lack of proper access control that allows adversaries to reset any user's password.
CVE ID: CVE-2024-3777 (Critical)
OS command injection and plaintext storage of password vulnerabilities have been discovered in BUFFALO wireless LAN routers. Security updates are available.
CVE ID: CVE-2024-23486 (Medium), CVE-2024-26023 (Medium)
Palo Alto Networks has released security updates to resolve a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS. The affected versions are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1.
CVE ID: CVE-2024-3400 (Critical)
Juniper Networks has released security updates to address a stack based buffer overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved.
CVE ID: CVE-2024-30394 (High)
Multiple vulnerabilities have been discovered in XenServer and Citrix Hypervisor. Citrix has released security updates to address these vulnerabilities.
CVE ID: CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142
Rockwell Automation has released a security update to address an input validation vulnerability in Rockwell Automation's 5015-AENFTXT. The affected versions are 5015-AENFTXT: v35 and prior to v2.12.1.
CVE ID: CVE-2024-2424 (High)
Multiple vulnerabilities have been discovered in a-blog cms. The affected versions are a-blog cms Ver.3.1.x series prior to Ver.3.1.12, a-blog cms Ver.3.0.x series prior to Ver.3.0.32, a-blog cms Ver.2.11.x series prior to Ver.2.11.61, a-blog cms Ver.2.10.x series prior to Ver.2.10.53.
CVE ID: CVE-2024-30419 (Medium), CVE-2024-30420 (Medium), CVE-2024-31394 (Medium), CVE-2024-31395 (Medium), CVE-2024-31396 (Medium)
GitLab has released updated versions 16.10.2, 16.9.4, and 16.8.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2024-3092 (High), CVE-2024-2279 (High), CVE-2023-6489 (Medium), CVE-2023-6678 (Medium)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigation to resolve vulnerabilities.
CVE ID: CVE-2023-35980 (Critical), CVE-2023-35981 (Critical), CVE-2023-35982 (Critical), CVE-2023-42789 (Critical), CVE-2024-21762 (Critical), CVE-2024-23113 (Critical), CVE-2023-45614 (Critical), CVE-2023-45615 (Critical), CVE-2023-45616 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-2747 (High), CVE-2023-5629 (High), CVE-2023-5630 (Medium), CVE-2023-6032 (Medium)
Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Fortinet has released security updates to address vulnerabilities in FortiClientMac, FortiClient Linux, FortiOS &FortiProxy. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-45590 (Critical), CVE-2023-45588 (High), CVE-2024-31492 (High), CVE-2023-48784 (Medium), CVE-2023-41677 (High), CVE-2024-23662 (High)
A reliance on insufficiently trustworthy component vulnerability has been discovered in SUBNET Solutions Inc.'s Equipments- PowerSYSTEM Server &Substation Server 2021 that allows privilege escalation, Denial of Service (DoS) or arbitrary code execution . The affected versions are PowerSYSTEM Server 4.07.00 and prior and Substation Server 2021 4.07.00 and prior. Mitigation is available.
CVE ID: CVE-2024-3313 (High)
A vulnerability has been discovered in OpenSSL that can cause unbounded memory growth when processing TLSv1.3 sessions, leading to a Denial of Service (DoS) attack. The affected versions are OpenSSL 3.2, 3.1, 3.0 &1.1.1. Security updates are available.
CVE ID: CVE-2024-2511 (Low)
Microsoft has released the updated Microsoft Edge Stable Channel (Version 123.0.2420.81) and Extended Stable Channel (Version 122.0.2365.120).
CVE ID: CVE-2024-29981 (Medium), CVE-2024-29049 (Medium)
Apache has released security updates to address HTTP response splitting and memory exhaustion vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP Server through 2.4.58.
CVE ID: CVE-2023-38709 (Medium), CVE-2024-24795 (Low), CVE-2024-27316 (Medium)
An improper authentication vulnerability has been discovered in Hitachi Energy's Equipment- Asset Suite 9. The affected versions are Asset Suite prior to 9.6.3.13 and Asset Suite prior to 9.6.4.1. The mitigation is available.
CVE ID: CVE-2024-2244 (Medium)
Inclusion of undocumented features vulnerability has been discovered in Schweitzer Engineering Laboratories' Equipment- SEL 700 series relays. The mitigations are available.
CVE ID: CVE-2024-2103 (Medium)
Google has released Chrome Beta 124 (124.0.6367.26) for iOS, Chrome Beta 124 (124.0.6367.28) for Android, Beta channel 124.0.6367.29 for Windows, Mac &Linux and Beta channel ChromeOS version 15823.16.0 with Chrome Browser version 124.0.6367.24 for most ChromeOS devices.
A Server Side Cross Site Scripting (XSS) vulnerability has been discovered in SiYuan that allows execution of arbitrary commands on the server. The affected version is SiYuan version 3.0.3.
CVE ID: CVE-2024-2692 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Firefox for iOS 124. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-31393 (Medium), CVE-2024-31392 (Low)
Google has released Chrome 123 (123.0.6312.99) for Android, Extended Stable 122.0.6261.156 for Windows &Mac, Stable channel OS version: 15786.41.0 Browser version: 123.0.6312.94 for most ChromeOS devices and Stable channel 123.0.6312.105/.106/.107 for Windows &Mac, Stable channel 123.0.6312.105 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-3156 (High), CVE-2024-3158 (High), CVE-2024-3159 (High)
VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22246 (High), CVE-2024-22247 (Medium), CVE-2024-22248 (High)
An improper access control vulnerability has been discovered in Totolink. The affected version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
An information disclosure vulnerability has been discovered in Totolink. The affected version is Totolink T8 4.1.5cu.833_20220905.
CVE ID: CVE-2024-0569 (Critical)
It has been discovered that malicious code is embedded in XZ Utils versions 5.6.0 and 5.6.1 that may allow unauthorised access to affected systems. XZ Utils is data compression software and may be present in Linux distributions. Fedora Linux 40 beta does contain these two affected versions of xz libraries.
CVE ID: CVE-2024-3094 (Critical)
Google has released Dev channel ChromeOS version 15823.11.0 with Chrome Browser version 124.0.6367.18 for most ChromeOS devices, Dev channel 125.0.6382.3 for Windows, Mac &Linux, Chrome Dev 125 (125.0.6379.6) for Android, and Chrome Beta 124 (124.0.6367.18) for Android.
Google has released Beta channel 123.0.6312.79 (Platform version: 15786.37.0) for most ChromeOS devices, LTS (Long Term Support) channel version 114.0.5735.358 (Platform Version: 15437.98.0) for most ChromeOS devices, Chrome 123 (123.0.6312.80) for Android, Extended Stable channel 122.0.6261.148 for Windows and Mac, Stable channel 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux.
CVE ID: CVE-2024-1284 (High), CVE-2024-2883 (Critical), CVE-2024-2885 (High), CVE-2024-2886 (High), CVE-2024-2887 (High)
Multiple vulnerabilities have been discovered in AutomationDirect's Equipment- C-MORE EA9 HMI that allow an attacker to exploit a remote device and inject malicious code on the panel. The mitigations are available.
CVE ID: CVE-2024-25136 (High), CVE-2024-25137 (Medium), CVE-2024-25138 (Medium)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- PowerFlex 527 that can crash the device and require a manual restart to recover. The affected versions are PowerFlex 527 versions v2.001.x and later. The mitigations are available.
CVE ID: CVE-2024-2425 (High), CVE-2024-2426 (High), CVE-2024-2427 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- Arena Simulation Software that can crash the application or allow an attacker to run harmful code on the system. The affected version is Arena Simulation Software version 16.00. The mitigations are available.
CVE ID: CVE-2024-21912 (High), CVE-2024-21913 (High), CVE-2024-2929 (High), CVE-2024-21918 (High), CVE-2024-21919 (High), CVE-2024-21920 (Medium)
Cross-site Scripting vulnerability has been discovered in Rockwell Automation's Equipment- FactoryTalk View ME that can lead to the loss of view or control of the PanelView product. The affected versions are FactoryTalk View ME prior to v14. The mitigations are available.
CVE ID: CVE-2024-21914 (Medium), CVE-2024-21914 (Medium)
Apple has released security updates to address multiple vulnerabilities in Safari 17.4.1, macOS Sonoma 14.4.1, and macOS Ventura 13.6.6. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-1580
Mozilla has released a security updates to address a vulnerabilities in Firefox ESR 115.9.1, and Firefox 124.0.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-29944 (Critical), CVE-2024-29943 (Critical)
Multiple vulnerabilities have been discovered in MELSEC Series CPU modules and MELSEC-Q/L Series CPU modules of Mitsubishi Electric. The mitigations are available.
CVE ID: CVE-2024-0802 (Critical), CVE-2024-0803 (Critical), CVE-2024-1915 (Critical), CVE-2024-1916 (Critical), CVE-2024-1917 (Critical), CVE-2023-1424 (Critical)
SonicWall has released security updates to address multiple vulnerabilities in SonicOS and SonicWall Email.
CVE ID: CVE-2024-22396 (Medium), CVE-2024-22397 (Medium), CVE-2024-22398 (Medium)
Google has released Stable channel 123.0.6132.46 for Windows &Mac, Beta channel 123.0.6312.46 for Windows, Mac &Linux, Chrome Beta 123 (123.0.6312.40) for Android and Beta channel 123.0.6312.36 (Platform version: 15786.22.0) for most ChromeOS devices.
Apple has released security updates to address an use-after-free vulnerability in GarageBand 10.4.11. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-23300
Adobe has released security updates to address multiple critical, high, medium &low vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
An elevation of privilege vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
CVE ID: CVE-2024-21400 (Critical)
Microsoft has released security updates to address multiple critical, high &medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2023-47534 (High), CVE-2023-42789 (Critical), CVE-2023-42790 (Critical), CVE-2024-23112 (High), CVE-2023-36554 (High), CVE-2023-48788 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Google has released Chrome 122 (122.0.6261.119) for Android, Chrome Beta 123 (123.0.6312.38) for iOS and Stable channel updated to 122.0.6261.128/.129 for Windows &Mac and 122.0.6261.128 for Linux to resolve security fixes &vulnerability.
CVE ID: CVE-2024-2400 (High)
Cybersecurity and Infrastructure Security Agency (CISA) developed Hybrid Identity Solutions Guidance for better understanding identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. This solution's guidance also supports the Secure Cloud Business Application (SCuBA) project’s goal of providing guidance to help agencies effectively implement cybersecurity capabilities as organisations migrate from traditional on-premises infrastructure to the cloud.
Multiple critical, high, medium &low vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
Microsoft has released security updates to address critical, high, medium &low vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-21334 (Critical), CVE-2024-21400 (Critical)
Remote Code Execution vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
CVE ID: CVE-2024-21376 (Critical)
A use of hard-coded credentials vulnerability has been discovered in Chirp Systems' Equipment-Chirp Access, which allows an attacker to take control and gain unrestricted physical access to systems. All versions of Chirp Access are affected.
CVE ID: CVE-2024-2197 (Critical)
VMware has released security updates to address a partial information disclosure vulnerability in VMware Cloud Director. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-22256 (Medium)
A command injection vulnerability has been discovered in GitHub Enterprise Server. The affected versions are GitHub Enterprise Server prior to 3.12.
CVE ID: CVE-2024-1374 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-48795 (Medium), CVE-2024-28149 (High), CVE-2024-28150 (High), CVE-2024-28151 (Medium), CVE-2024-28152 (Medium), CVE-2024-28153 (High), CVE-2024-28154 (Medium), CVE-2024-28155 (Medium), CVE-2024-28161 (Medium), CVE-2024-28162 (Medium), CVE-2024-2215 (Medium), CVE-2024-2216 (Medium), CVE-2024-28156 (High), CVE-2024-28157 (High), CVE-2024-28158 (Medium), CVE-2024-28159 (Medium), CVE-2024-28160 (High)
Drupal has released security updates to address Access bypass vulnerability in Registration role, a third-party library used in it. The affected versions are Registration role prior to 2.0.1.
Moxa has released security update to address a stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series firmware. The affected versions are Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior.
CVE ID: CVE-2024-1220 (High)
Authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected version is JetBrains TeamCity before 2023.11.4.
CVE ID: CVE-2024-27198 (Critical)
Juniper Networks has released security updates to address an improper handling of exceptional conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved. All versions of Junos OS and Junos OS Evolved are affected.
CVE ID: CVE-2023-44186 (High)
Apple has released security updates to address multiple vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2024-23243, CVE-2024-23225, CVE-2024-23296, CVE-2024-23256
Google has released Stable channel 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices, LTS channel 114.0.5735.355 (Platform Version: 15437.95.0) for most ChromeOS devices, Chrome 122 (122.0.6261.105) for Android, Stable channel 122.0.6261.111/.112 for Windows &Mac and 122.0.6261.111 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-0225 (High), CVE-2024-1059 (High), CVE-2024-2173 (High), CVE-2024-2174 (High), CVE-2024-2176 (High)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1372 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1369 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1359 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1355 (Critical)
Out-of-Bounds Write vulnerability has been discovered in Santesoft's Equipment- Sante FFT Imaging. The affected versions are Sante FFT Imaging: 1.4.1 and prior. The mitigations are available.
CVE ID: CVE-2024-1696 (High)
Improper Output Neutralization for Logs vulnerability has been discovered in Integration Objects's Equipment- OPC UA Server Toolkit. The affected versions are OPC UA Server Toolkit: 1.0.0 and prior. The mitigations are available.
CVE ID: CVE-2023-7234 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-03-05 or later, address all of these issues.
Mozilla has released a security update to address a vulnerability in Thunderbird 115.8.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-1936 (High)
A SQL injection vulnerability has been discovered in Supabase PostgreSQL. The affected version is Supabase PostgreSQL v15.1.
CVE ID: CVE-2024-24213 (Critical)
RevoWorks has released security updates to address a protection mechanism failure vulnerability in RevoWorks SCVX and RevoWorks Browser. The affected versions are RevoWorks SCVX prior to scvimage4.10.21_1013, and RevoWorks Browser prior to 2.2.95.
CVE ID: CVE-2024-25091 (Low)
A stack based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B that allows executing arbitrary code. The affected versions are CNCSoft-B 1.0.0.4 and prior.
CVE ID: CVE-2024-1941 (High)
Heap based buffer overflow and out of bounds write vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer that allow to cause memory corruption issues leading to execution of arbitrary code. The affected versions are MicroDicom DICOM Viewer 2023.3 (Build 9342) and prior. The mitigations are available.
CVE ID: CVE-2024-22100 (High), CVE-2024-25578 (High)
It has been observed that Phobos ransomware actors are using Tactics, Techniques and Procedures (TTPs) for bypassing organizational network defense protocols by modifying system firewall configurations. Phobos actors typically gain initial access to vulnerable networks by leveraging phishing campaigns to drop hidden payloads or using Internet Protocol (IP) scanning tools. After the exfiltration phase, Phobos actors then hunt for backups. Cybersecurity and Infrastructure Security Agency (CISA )has released a joint cybersecurity advisory to disseminate IOCs, mitigations for protecting systems and TTPs associated with Phobos ransomware.
Google has released Dev channel 123.0.6312.18 Platform version 15786.10.0 for most ChromeOS devices, Chrome Dev 124 (124.0.6328.0) for Android, Beta channel 123.0.6312.22 for Windows, Mac and Linux, and Chrome Beta 123 (123.0.6312.20) for Android.
It has been observed that cyber threat actors are actively exploiting multiple previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The vulnerabilities affect all supported versions (9.x and 22.x) and can be used in a chain of exploits to enable malicious cyber threat actors to bypass authentication, create malicious requests, and execute arbitrary commands with elevated privileges. Cybersecurity and Infrastructure Security Agency (CISA) has released cybersecurity advisory to disseminate IOCs, mitigations &detection methods to protect affected systems and TTPs associated with threat actors.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical), CVE-2024-21893 (High)
A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
CVE ID: CVE-2024-1251 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda i9. The affected version is Tenda i9 1.0.0.9(4122).
CVE ID: CVE-2024-0996 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda W6. The affected version is Tenda W6 1.0.0.9(4122).
CVE ID: CVE-2024-0995 (Critical)
A path traversal vulnerability has been discovered in Sichuan Yougou Technology KuERP. The affected versions are Sichuan Yougou Technology KuERP up to 1.0.4.
CVE ID: CVE-2024-0989 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda AC10U. The affected version is Tenda AC10U 15.03.06.49_multi_TDE01.
CVE ID: CVE-2024-0931 (Critical)
Cisco has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20321 (High), CVE-2024-20267 (High), CVE-2024-20344 (Medium), CVE-2024-20291 (Medium), CVE-2024-20294 (Medium)
Drupal has released security updates to address multiple vulnerabilities in 3rd party plugins such as Drupal Symfony Mailer Lite, Node Access Rebuild Progressive, Private content, and Coffee modules.
Google has released Chrome 122 (122.0.6261.90) for Android, Stable channel OS version: 15699.72.0 Browser version: 121.0.6167.212 for most ChromeOS devices, and Chrome Beta 123 (123.0.6312.17) for iOS.
VMware has released security updates to address an out of bounds read vulnerability in VMware Workstation and Fusions. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-22251 (Medium)
A Denial of Service (DoS) vulnerability has been discovered in the Ethernet function of multiple FA product of Mitsubishi Electric. The affected products are MELSEC iQ-F Series. The mitigation is available.
CVE ID: CVE-2023-7033 (Medium)
An OpenSSH Terrapin Attack vulnerability has been discovered in Hitachi Energy Lumada products. The affected products are Lumada EAM, Lumada APM, Lumada RM &Lumada AIP. The mitigation is available.
CVE ID: CVE-2023-48795 (Medium)
Moxa has released security updates to resolve an IP forwarding vulnerability in Moxa EDS-4000/G4000 Series that can bypass access controls or hide the source of malicious requests. The affected versions are EDS-4000/G4000 Series prior to version 3.2.
CVE ID: CVE-2024-0387 (Medium)
SonicWall has released security updates to address improper access control vulnerability in SMA100 SSL-VPN virtual office portal. The affected versions are SMA 100 Series 10.2.1.10-62sv and earlier versions.
CVE ID: CVE-2024-22395 (Medium)
An uncontrolled search path element vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B DOPSoft that allows to achieve Remote Code Execution (RCE). The affected versions are CNCSoft-B v1.0.0.4 DOPSoft prior to v4.0.0.82.
CVE ID: CVE-2024-1595 (High)
An authentication bypass vulnerability has been discovered in ConnectWise ScreenConnect that allows access to confidential information or critical systems. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
CVE ID: CVE-2024-1709 (Critical)
Juniper has released security updates to address a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in telemetry processing of Juniper Networks Junos OS. An attacker can exploit this vulnerability to take control of an affected system. The affected products are Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S9, 21.1 versions 21.1R1 and later, 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5, 21.4 versions prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S4, 22.2 versions prior to 22.2R3-S2, 22.3 versions prior to 22.3R2-S1, 22.3R3-S1, 22.4 versions prior to 22.4R2-S2, 22.4R3 and 23.1 versions prior to 23.1R2.
CVE ID: CVE-2023-44188 (Medium)
Cisco has released security updates to address an insufficient access control vulnerability in Cisco Unified Intelligence Center that allows to read and modify data in a repository that belongs to an internal service on an affected device.
CVE ID: CVE-2024-20325 (Medium)
Google has released Chrome Beta 123 (123.0.6312.3) for Android, Chrome 123.0.6312.4 Beta channel for Windows, Mac and Linux, Chrome Beta 123 (123.0.6312.2) for iOS and LTC channel version 120.0.6099.294 (Platform Version: 15662.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1283 (High), CVE-2024-1284 (High)
A heap corruption vulnerability has been discovered in libgit2 that can be leveraged for arbitrary code execution. The vulnerability has been patched in version 1.6.5 and 1.7.2.
CVE ID: CVE-2024-24577 (Critical)
An arbitrary code execution vulnerability has been discovered in MyQ Print Server. The affected versions are MyQ Print Server before 8.2 patch 43.
CVE ID: CVE-2024-22076 (Critical)
CISA has released top cyber actions for securing Water and Wastewater Systems Sector entities, which run Operational Technology (OT) and Information Technology (IT) systems to reduce cyber risk and improve resilience to cyberattacks.
A double-free vulnerability has been discovered in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23809 (Critical)
An out-of-bounds write vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23606 (Critical)
An use-after-free vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23310 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.8, Firefox ESR 115.8, and Firefox 123. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-1546 (High), CVE-2024-1547 (High), CVE-2024-1548 (Medium), CVE-2024-1549 (Medium), CVE-2024-1550 (Medium), CVE-2024-1551 (Medium), CVE-2024-1552 (Low), CVE-2024-1553 (High), CVE-2024-1554 (Medium), CVE-2024-1555 (Medium), CVE-2024-1556 (Low), CVE-2024-1557 (High)
Google has released Chrome 122 (122.0.6261.64) for Android, Beta channel 122.0.6261.57 for Windows, Mac and Linux, Chrome Beta 122 (122.0.6261.64) for Android, Chrome Stable 122 (122.0.6261.62) for iOS, and Chrome 122.0.6261.57 for Linux and Mac, 122.0.6261.57/.58 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1669 (High), CVE-2024-1670 (High), CVE-2024-1671 (Medium), CVE-2024-1672 (Medium), CVE-2024-1673 (Medium), CVE-2024-1674 (Medium), CVE-2024-1675 (Medium), CVE-2024-1676 (Low)
Multiple vulnerabilities have been discovered in Commend's Equipment- WS203VICM that allow an attacker to obtain sensitive information or force the system to restart. The affected versions are WS203VICM 1.7 and prior. The mitigation is available.
CVE ID: CVE-2024-22182 (High), CVE-2024-21767 (Critical), CVE-2024-23492 (Medium)
Multiple vulnerabilities have been discovered in CISA's Equipment- Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek that allow Remote Code Execution (RCE). The affected versions are Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior. The mitigations are available.
CVE ID: CVE-2023-7244 (Critical), CVE-2023-7243 (Critical), CVE-2023-7242 (High)
VMware has released security updates to address multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP), VMware Aria Operations and VMware Cloud Foundation. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22245 (Critical), CVE-2024-22250 (High), CVE-2024-22235 (Medium)
An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
CVE ID: CVE-2024-25579 (Medium)
Multiple vulnerabilities have been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
CVE ID: CVE-2024-21798 (Medium), CVE-2024-23910 (Medium)
A Remote Code Execution (RCE) vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in Electrical discharge machines of Mitsubishi Electric. The mitigation is available.
CVE ID: CVE-2023-21554 (Critical)
An arbitrary command execution vulnerability has been discovered due to insecure deserialization in Torrentpier. The affected version is Torrentpier 2.4.1.
CVE ID: CVE-2024-1651 (Critical)
An OS command injection vulnerability has been discovered in Loomio that allows executing arbitrary commands on the server. The affected version is Loomio 2.22.0.
CVE ID: CVE-2024-1297 (Critical)
A privilege escalation vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform (FTSP). The affected products are FactoryTalk® Service Platform software version prior to v2.74. Security updates are available.
CVE ID: CVE-2024-21915 (Critical)
Google has updated the Stable channel to OS version 15699.66.0 Browser version 121.0.6167.188 for most ChromeOS devices and LTS channel to 114.0.5735.351 Platform Version: 15437.91.0 to resolve multiple vulnerabilities.
CVE ID: CVE: CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2023-51042 (High), CVE-2023-6931 (High), CVE-2023-6817 (High), CVE-2023-46813 (High), CVE-2023-6932 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Oracle has released its critical patch update for January 2024 to address 389 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
SolarWinds has released a security update to address multiple vulnerabilities in Access Rights Manager. The affected versions are SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions.
CVE ID: CVE-2023-40057 (Critical), CVE-2024-23476 (Critical), CVE-2024-23477 (High), CVE-2024-23478 (High), CVE-2024-23479 (Critical)
Google has released Chrome 122 (122.0.6261.43) for Android, Chrome Beta 122 (122.0.6261.47) for iOS, Chrome Stable 122 (122.0.6261.48) for iOS, Stable channel 122.0.6261.39 for Windows &122.0.6261.49 for Mac, Beta channel 122.0.6261.39 for Windows, Mac &Linux, and Chrome Beta 122 (122.0.6261.43) for Android.
It has been discovered that the functionality for file download in HGiga OAKlouds' contains an arbitrary file read and delete vulnerability.
CVE ID: CVE-2024-26261 (Critical)
It has been discovered that the functionality for synchronization in HGiga OAKlouds' has an OS command injection vulnerability that allows to inject system commands within specific request parameters.
CVE ID: CVE-2024-26260 (Critical)
An improper authentication vulnerability has been discovered in SonicWall SonicOS SSL-VPN feature. The affected version is SonicOS 7.1.1-7040.
CVE ID: CVE-2024-22394 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Axigen WebMail that allows to escalate privileges. The affected versions are Axigen WebMail v.10.5.7 and before.
CVE ID: CVE-2023-48974 (Critical)
A vulnerability has been discovered in SQLAlchemyDA that allows unauthenticated execution of arbitrary SQL statements on the database. The affected products are SQLAlchemyDA versions prior to 2.2.
CVE ID: CVE-2024-24811 (Critical)
An unrestricted upload vulnerability has been discovered in Juanpao JPShop. The affected versions are Juanpao JPShop up to 1.5.02.
CVE ID: CVE-2024-1264 (Critical)
A buffer overflow vulnerability has been discovered in Tenda AC9. The affected version is Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi.
CVE ID: CVE-2024-24543 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability in CKEditor 4 LTS - WYSIWYG HTML editor, a third-party library used in it. The affected versions are CKEditor 4 LTS - WYSIWYG HTML editor 1.0.0 and below 1.0.1.
CVE ID: CVE-2024-24815
Siemens has released Security Updates to address multiple vulnerabilities in its products. These updates as per OEM recommendations may be implemented.
An information disclosure vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series Safety CPU and SIL2 Process CPU module. All versions of MELSEC iQ-R Series Safety CPU and MELSEC iQ-R Series SIL2 Process CPU are affected. The mitigation is available.
CVE ID: CVE-2023-6815 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20738 (Critical),CVE-2024-20739 (High), CVE-2024-20750 (High), CVE-2024-20719 (Critical), CVE-2024-20720 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-21364 (Critical), CVE-2024-21376 (Critical), CVE-2024-21401 (Critical), CVE-2024-21403 (Critical), CVE-2024-21410 (Critical), CVE-2024-21413 (Critical)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-50868 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-50387 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-6516 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5680 (Medium)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5679 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5517 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-4408 (High)
Google has released Chrome 121 (121.0.6167.178) for Android, Extended Stable channel 120.0.6099.291 for Windows &Mac, Stable channel 121.0.6167.184 for Mac &Linux and 121.0.6167.184/185 to Windows.
Arbitrary code execution vulnerability has been discovered in Malwarebytes Binisoft Windows Firewall Control. The affected versions are Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2.
CVE ID: CVE-2024-25089 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24021 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24017 (Critical)
A vulnerability has been discovered in Johnson Controls impacting IQ Panel 4 and IQ4 Hub, which allows unauthorized access to settings. All versions of IQ Panel 4 prior to 4.4.2 and all versions of IQ4 Hub prior to 4.4.2 are affected. The mitigations are available.
CVE ID: CVE-2024-0242
An out-of-bounds write vulnerability has been discovered in FortiOS that can allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. The updates are available.
CVE ID: CVE-2024-21762 (Critical)
An use of externally-controlled format string vulnerability has been discovered in FortiOS fgfmd daemon that can allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The updates are available.
CVE ID: CVE-2024-23113 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23109 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23108 (Critical)
A SQL injection vulnerability has been discovered in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. The affected versions are Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin versions up to, and including, 3.7.1.
CVE ID: CVE-2024-0685 (Critical)
A vulnerability has been discovered in Vinchin Backup &Recovery that allows to be configured with default root credentials. The affected version is Vinchin Backup &Recovery v7.2.
CVE ID: CVE-2024-22902 (Critical)
A vulnerability has been discovered in Vinchin Backup &Recovery due to the use of default MYSQL credentials. The affected version is Vinchin Backup &Recovery v7.2.
CVE ID: CVE-2024-22901 (Critical)
A vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform that allows to obtain the service token and use it for authentication on another FTSP directory.
CVE ID: CVE-2024-21917 (Critical)
Cisco has released security updates to address multiple Cross Site Request Forgery (CSRF) vulnerabilities in Cisco Expressway Series. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20252 (Critical), CVE-2024-20254 (Critical), CVE-2024-20255 (High)
Google has released Chrome Beta 122 (122.0.6261.27) for Android, Chrome Stable 121 (121.0.6167.171) for iOS, Beta channel 122.0.6261.29 for Windows, Mac &Linux, LTC-120 version 120.0.6099.272 (Platform Version: 15662.88.0) for most ChromeOS devices, Chrome Beta 122 (122.0.6261.26) for iOS and Stable channel OS version 15699.58.0 Browser version 121.0.6167.159 for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1280 (Medium), CVE-2024-1281 (Medium), CVE-2024-25556 (Medium), CVE-2024-25557 (Medium), CVE-2024-25558 (Medium), CVE-2023-6817 (Medium), CVE-2023-6932 (Medium), CVE-2024-0806 (Medium), CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2024-0813 (Medium), CVE-2024-0814 (Medium), CVE-2024-0809 (Low), CVE-2024-0811 (Low)
Cisco has released security updates to address a Denial of Service (DoS) vulnerability in ClamAV OLE2 File Format Parser.
CVE ID: CVE-2024-20290 (High)
GitLab has released updated versions 16.8.2, 16.7.5, and 16.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2024-1250 (Medium), CVE-2023-6840 (Medium), CVE-2023-6386 (Medium), CVE-2024-1066 (Medium)
JetBrains has released security update for TeamCity On-Premises to address a vulnerability that allow unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server. All versions of TeamCity On-Premises from 2017.1 through 2023.11.2 are affected.
CVE ID: CVE-2024-23917 (Critical)
Remote code execution vulnerability has been discovered in IBM Operational Decision Manager. The affected versions are IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1.
CVE ID: CVE-2024-22319 (Critical)
Arbitrary command execution vulnerability has been discovered in Notion Web Clipper. The affected version is Notion Web Clipper 1.0.3(7).
CVE ID: CVE-2024-23745 (Critical)
Improper Authorization vulnerability has been discoveerd in HID Global's Equipment- iCLASS SE, OMNIKEY. All versions of iCLASS SE CP1000 Encoder, iCLASS SE Readers, iCLASS SE Reader Modules, iCLASS SE Processors, OMNIKEY 5427CK Readers, OMNIKEY 5127CK Readers, OMNIKEY 5023 Readers, and OMNIKEY 5027 Readers are affected.
CVE ID: CVE-2024-22388 (Medium)
Improper Authorization vulnerability has been discovered in HID Global's Equipment- Reader Configuration Cards. All versions of HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards are affected.
CVE ID: CVE-2024-23806 (Medium)
Cisco has released security updates to address Snort access control policy bypass vulnerability in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20246 (Medium)
VMware has released security updates to address multiple vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22237 (High), CVE-2024-22238 (Medium), CVE-2024-22239 (Medium), CVE-2024-22240 (Medium), CVE-2024-22241 (Medium)
Google has released Chrome 121 (121.0.6167.164) for Android, Stable channel 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 for Windows, and Extended Stable channel 120.0.6099.283 for Windows and Mac.
CVE ID: CVE-2024-1284 (High), High CVE-2024-1283 (High)
Authentication bypass vulnerability has been discovered in the Admin UI component of CrateDB. The affected version is CrateDB 5.5.1.
CVE ID: CVE-2023-51982 (Critical)
A SQL injection vulnerability has been discovered in the 'HTML5 Video Player' WordPress Plugin. The affected versions are 'HTML5 Video Player' WordPress Plugin prior to 2.5.25.
CVE ID: CVE-2024-1061 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-02-05 or later, address all of these issues.
Docker has released security updates to resolve multiple vulnerabilities in several products. The affected versions are runc 1.1.11 and below, BuildKit 0.12.4 and below, Moby (Docker Engine) 25.0.1 and below and 24.0.8 and below, and Docker Desktop 4.27.0 and below.
CVE ID: CVE-2024-21626 (High), CVE-2024-23651 (High), CVE-2024-23652 (High), CVE-2024-23653 (High), CVE-2024-23650 (Medium), CVE-2024-24557 (Medium)
Privilege escalation, and Server-side request forgery vulnerabilities have been discovered in Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways are affected. The patches and mitigations are available.
CVE ID: CVE-2024-21888 (High), CVE-2024-21893 (High)
An uncontrolled search path element vulnerabilitiy have been discovered in AVEVA's Equipment- AVEVA Edge products aka InduSoft Web Studio that results in achieving arbitrary code execution and privilege escalation . The affected versions are AVEVA Edge 2020 R2 SP2 and prior. The mitigation is available.
CVE ID: CVE-2023-6132 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 121.0.2277.98) and Microsoft Edge Extended Stable Channel (120.0.2210.167) to resolve vulnerability.
CVE ID: CVE-2024-21399 (High)
Multiple vulnerabilities have been discovered in Gessler GmbH's Equipment- WEB-MASTER. The affected version is WEB-MASTER 7.9. The mitigation is available.
CVE ID: CVE-2024-1039 (Critical), CVE-2024-1040 (Medium)
An integer underflow vulnerability has been discovered in WebUI of Google Chrome, which allows heap corruption via a malicious file. The affected versions are WebUI of Google Chrome prior to 121.0.6167.85. Security updates are available.
CVE ID: CVE-2024-0808 (Critical)
A SQL injection vulnerability has been discovered in Webkul Bundle Product that allows to execute arbitrary code. The affected version is Webkul Bundle Product 6.0.1.
CVE ID: CVE-2023-51210 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK A3700R_V9.1.2u.6165_20211012.
CVE ID: CVE-2024-22662 (Critical)
An authentication bypass vulnerability has been discovered in Fortra's GoAnywhere MFT. The affected versions are Fortra GoAnywhere MFT prior to 7.4.1.
CVE ID: CVE-2024-0204 (Critical)
An authentication bypass vulnerability has been discovered in darkhttpd. The affected versions are darkhttpd before 1.15.
CVE ID: CVE-2024-23771 (Critical)
An arbitrary code execution vulnerability has been discovered in OpenAPI loader for Embedchain. The affected versions are OpenAPI loader ifor Embedchain before 0.1.57.
CVE ID: CVE-2024-23731 (Critical)
A session fixation vulnerability has been discovered in Enonic XP. The affected versions are Enonic XP versions less than 7.7.4.
CVE ID: CVE-2024-23679 (Critical)
Microsoft Edge (Chromium-based) has released Microsoft Edge Stable Channel (Version 121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to resolve elevation of privilege vulnerability which can lead to a full compromise of the browser.
CVE ID: CVE-2024-21326 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)
Cisco has released security updates to resolve bypass vulnerability in Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches.
CVE ID: CVE-2024-20263 (Medium)
Cisco has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection.
CVE ID: CVE-2024-20305 (Medium)
A critical vulnerability has been discovered in multiple Cisco Unified Communications and Contact Center Solutions products. Successful exploitation can allow to execute arbitrary code on an affected device.
CVE ID: CVE-2024-20253 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
An unsafe reflection vulnerability has been discovered in GitHub Enterprise Server that can lead to reflection injection. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-0200 (Critical)
A critical vulnerability has been discovered in Totolink that leads to improper access controls. The affected version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
Multiple vulnerabilities have been discovered in Voltronic Power's Equipment- ViewPower Pro. The affected version is ViewPower Pro 2.0-22165.
CVE ID: CVE-2023-51570 (Critical), CVE-2023-51571 (High), CVE-2023-51572 (Critical), CVE-2023-51573 (Critical)
An improper access control vulnerability has been discovered in APsystems' Equipment- Energy communication Unit (ECU-C) Power Control Software. The affected versions are Energy Communication Unit Power Control Software: C1.2.2, v3.11.4, W2.1.NA, v4.1SAA and v4.1NA.
CVE ID: CVE-2022-44037 (High)
Crestron has released a security update to address an OS command injection vulnerability in its equipment- AM-300. The affected version is AM-300 1.4499.00018.
CVE ID: CVE-2023-6926 (High)
Multiple vulnerabilities have been discovered in Westermo's equipment- Lynx 206-F2G. The affected versions are Lynx: Model Version L206-F2G1, and Lynx: Firmware Version 4.24. The mitigation is available.
CVE ID: CVE-2023-40143 (Medium), CVE-2023-45222 (Medium), CVE-2023-45735 (High), CVE-2023-45213 (Medium), CVE-2023-42765 (Medium), CVE-2023-40544 (Medium), CVE-2023-38579 (High), CVE-2023-45227 (Medium)
A weak encoding for password vulnerability has been discovered in Lantronix's Equipment- XPort. The affected version is XPort Device Server Configuration Manager 2.0.0.13.
CVE ID: CVE-2023-7237 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in Orthanc's Equipment- Osimis Web Viewer. The affected version is Osimis WebViewer 1.4.2.0-9d9eff4. The mitigation is available.
CVE ID: CVE-2023-7238 (High)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOlink. The affected version is TOTOlink EX1200T V4.1.2cu.5232_B20210713.
CVE ID: CVE-2023-52032 (Critical)
An arbitrary code execution vulnerability has been discovered in D-Link. The affected version is D-Link dir815 v.1.01SSb08.bin.
CVE ID: CVE-2023-51123 (Critical)
An integer overflow vulnerability has been discovered in Redis that leads to heap overflow and potential Remote Code Execution (RCE). Security updates are available.
CVE ID: CVE-2023-41056 (Critical)
Microsoft has released security update to address vulnerability in Microsoft Edge Stable Channel (Version 120.0.2210.144) to resolve a vulnerability.
CVE ID: CVE-2024-0519
Google has released Chrome Stable 121 (121.0.6167.66) for iOS, Chrome Beta 121 (121.0.6167.71) for Android, Stable channel 121.0.6167.75 for Windows and Mac, and Beta channel 121.0.6167.75 for Windows, Mac and Linux.
Trend Micro has released a security update to address local privilege escalation vulnerabilities in Trend Micro Deep Security Agent, Platform: Windows. The affected version is Trend Micro Deep Security Agent (Including Cloud One - Endpoint and Workload Security) 20.0.
CVE ID: CVE-2023-52337 (High), CVE-2023-52338 (High)
A SQL injection vulnerability has been discovered in soxft TimeMail. The affected versions are soxft TimeMail up to 1.1.
CVE ID: CVE-2024-0344 (Critical)
VMware has released security updates to address a missing access control vulnerability in VMware Aria Automation & VMware Cloud Foundation. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34063 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-26031 (High), CVE-2023-29258 (High), CVE-2023-45178 (High), CVE-2023-45287 (High), CVE-2023-46167 (High), CVE-2023-6337 (High), CVE-2023-6534 (High), CVE-2023-7104 (High)
A command injection vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
CVE ID: CVE-2023-51972 (Critical)
Cisco has released security update to address multiple vulnerabilities in Cisco TelePresence Management Suite. The affected versions are Cisco TelePresence Management Suite earlier than 15.13.6.
CVE ID: CVE-2023-20248, CVE-2023-20249
A stack overflow vulnerability has been discovered in TRENDnet that leads to arbitrary command execution. The affected version is TRENDnet TV-IP1314PI 5.5.3 200714.
CVE ID: CVE-2023-49236 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.133) to resolve vulnerabilities.
CVE ID: CVE-2024-21337 (Medium), CVE-2024-20709, CVE-2024-20721, CVE-2024-20675 (Medium)
A buffer overflow vulnerability has been discovered in Totolink X2000R. The affected version is Totolink X2000R 1.0.0-B20221212.1452.
CVE ID: CVE-2023-7222 (Critical)
An arbitrary code execution vulnerability has been discovered that causes Denial of Service (DoS) in NetScout nGeniusOne. The affected version is NetScout nGeniusOne v.6.3.4.
CVE ID: CVE-2023-26999 (Critical)
An out of bounds read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0322 (Critical)
A stack based buffer overflow vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0321 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in Youke365. The affected versions are Youke365 up to 1.5.3.
CVE ID: CVE-2024-0304 (Critical)
A vulnerability has been discovered in DeDeCMS that leads to unrestricted uploading. The affected versions are DeDeCMS up to 5.7.112.
CVE ID: CVE-2023-7212 (Critical)
A stack based buffer overflow vulnerability has been discovered in Horner Automation's Equipment- Cscape that allows to execute arbitrary code. The affected versions are Cscape 9.90 SP10 and prior.
CVE ID: CVE-2023-7206 (High)
Google has released Dev channel 122.0.6226.0 (Platform version: 15739.0.0) for most ChromeOS devices, Chrome Dev 122 (122.0.6238.3) for Android and Dev channel 122.0.6238.2 for Windows, Mac & Linux.
Juniper has released security updates to address a missing release of memory after effective lifetime vulnerability in the Routing Protocol Daemon (RDP) of Juniper Networks Junos OS and Junos OS Evolved that allows to cause a Denial of Service (DoS) condition.
CVE ID: CVE-2024-21611 (High)
A use after free vulnerability has been discovered in Lotos WebServer. The affected versions are Lotos WebServer through 0.1.1.
CVE ID: CVE-2024-22088 (Critical)
A Remote Code Execution(RCE) vulnerability has been discovered in Tenda AX3. The affected version is Tenda AX3 v16.03.12.11.
CVE ID: CVE-2023-51812 (Critical)
A path traversal vulnerability has been discovered in Arcserve UDP. The affected versions are Arcserve UDP prior to 9.2.
CVE ID: CVE-2023-42000 (Critical)
The authentication bypass and command injection vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure and Ivanti Policy Secure Gateways are affected. The mitigation is available.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical)
Cisco has released security updates to address an unauthenticated arbitrary file Upload vulnerability in Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-20272 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) and access bypass vulnerabilities in File entity, a third-party library used in it.
Google has released Beta channel 121.0.6167.57 for Windows, Mac & Linux, Chrome Beta 121 (121.0.6167.56) for iOS, Beta channel OS version: 15699.29.0, Browser version: 121.0.6167.49 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.57) for Android and LTS channel 114.0.5735.346 (Platform Version: 15437.84.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-5197 (High), CVE-2023-5851 (Medium), CVE-2023-5852 (Medium), CVE-2023-5855 (Medium)
Trend Micro has released security updates to address local privilege escalation vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service, Platform: Windows. The affected versions are Trend Micro Apex One 2019 (On-prem) and Trend Micro Apex One as a Service SaaS.
CVE ID: CVE-2023-52090 (High), CVE-2023-52091 (High), CVE-2023-52092 (High), CVE-2023-52093 (High), CVE-2023-52094 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-49621 (Critical), CVE-2023-51438 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-49583 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-50423 (Critical), CVE-2023-50424 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-0057 (Critical), CVE-2024-20674 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D Stager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)
An improper privilege management vulnerability has been discovered in FortiOS and FortiProxy. The affected versions are FortiOS 7.4, FortiOS 7.2, and FortiProxy 7.4. Security updates are available.
CVE ID: CVE-2023-44250 (High)
Google has released Chrome 120 (120.0.6099.210) for Android, and Stable channel 120.0.6099.216 for Mac, Linux and 120.0.6099.216/217 to Windows to resolve vulnerability.
CVE ID: CVE-2024-0333 (High)
Schneider Electric's has released security updates to address Deserialization of untrusted data vulnerability in Easergy Studio product. The affected versions are Easergy Studio prior to v9.3.5.
CVE ID: CVE-2023-7032 (High)
A vulnerability has been discovered in PAN-OS software that allows to intercept SSH traffic on the PAN-OS management network causes Machine in the Middle (MitM) attacks.
CVE ID: CVE-2023-48795
A privilege escalation vulnerability has been discovered in SpringBlade. The affected versions are SpringBlade v.3.7.0 and before.
CVE ID: CVE-2023-47458 (Critical)
Google has released Stable channel 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-6508 (High), CVE-2023-6509 (High), CVE-2023-6511 (Low), CVE-2023-39191 (Medium)
A deserialization of untrusted data vulnerability has been discovered in Presslabs Theme per user. The affected versions are Theme per user: from n/a through 1.0.1.
CVE ID: CVE-2023-52181 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOLINK X6000R. The affected version is TOTOLINK X6000R v9.4.0cu.852_B20230719.
CVE ID: CVE-2023-50651 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK X2000R Gh. The affected version is TOTOLINK X2000R Gh v1.0.0-B20230221.0948.
CVE ID: CVE-2023-51136 (Critical)
A SQL injection vulnerability has been discovered in Grupo Embras GEOSIAP ERP. The affected version is Grupo Embras GEOSIAP ERP v2.2.167.02.
CVE ID: CVE-2023-50589 (Critical)
A Server Side Template Injection (SSTI) vulnerability has been discovered in jeecg-boot that allows to execute arbitrary code via crafted HTTP request. The affected version is jeecg-boot version 3.5.3.
CVE ID: CVE-2023-41544 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.121) to resolve vulnerabilities.
CVE ID: CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-2976 (Medium), CVE-2020-36518 (High), CVE-2022-42004 (Medium), CVE-2022-42003 (Medium)
Google has released Chrome Beta 121 (121.0.6167.48) for iOS, Beta channel 121.0.6167.47 for Windows, Mac and Linux, Chrome Beta 121 (121.0.6167.47) for Android and Dev channel OS version: 15699.25.0, Browser version: 121.0.6167.40 for most ChromeOS devices.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later, address all of these issues.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later address all of these issues.
Google has released Chrome 120 (120.0.6099.193) for Android and Stable channel 120.0.6099.199 for Mac & Linux and 120.0.6099.199/200 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2024-0222 (High), CVE-2024-0223 (High), CVE-2024-0224 (High), CVE-2024-0225 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting several devices.
CVE ID: CVE-2023-33032 (Critical), CVE-2023-33030 (Critical), CVE-2023-33025 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-44483 (Medium), CVE-2023-44487 (High), CVE-2023-46158 (Medium), CVE-2023-45857 (High), CVE-2021-28165 (High), CVE-2020-27216 (High)
