An elevation of privilege vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
CVE ID: CVE-2024-21400 (Critical)
Microsoft has released security updates to address multiple critical, high & medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. An attacker can exploit some of these vulnerabilities to take control of an affected system. CVE ID: CVE-2023-47534 (High), CVE-2023-42789 (Critical), CVE-2023-42790 (Critical), CVE-2024-23112 (High), CVE-2023-36554 (High), CVE-2023-48788 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.?
Google has released Chrome 122 (122.0.6261.119) for Android, Chrome Beta 123 (123.0.6312.38) for iOS and Stable channel updated to 122.0.6261.128/.129 for Windows & Mac and 122.0.6261.128 for Linux to resolve security fixes & vulnerability.
CVE ID: CVE-2024-2400 (High)
Cybersecurity and Infrastructure Security Agency (CISA) developed Hybrid Identity Solutions Guidance for better understanding identity management capabilities, the tradeoffs that exist in various implementation options, and factors that should be considered when making implementation decisions. This solution's guidance also supports the Secure Cloud Business Application (SCuBA) project’s goal of providing guidance to help agencies effectively implement cybersecurity capabilities as organisations migrate from traditional on-premises infrastructure to the cloud.
Multiple critical, high, medium & low vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve vulnerabilities.
Microsoft has released security updates to address critical, high, medium & low vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-21334 (Critical), CVE-2024-21400 (Critical)
Remote Code Execution vulnerability has been discovered in Microsoft Azure Kubernetes Service Confidential Container.
CVE ID: CVE-2024-21376 (Critical)
A use of hard-coded credentials vulnerability has been discovered in Chirp Systems' Equipment-Chirp Access, which allows an attacker to take control and gain unrestricted physical access to systems. All versions of Chirp Access are affected.
CVE ID: CVE-2024-2197 (Critical)
VMware has released security updates to address a partial information disclosure vulnerability in VMware Cloud Director. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-22256 (Medium)
A command injection vulnerability has been discovered in GitHub Enterprise Server. The affected versions are GitHub Enterprise Server prior to 3.12.
CVE ID: CVE-2024-1374 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2023-48795 (Medium), CVE-2024-28149 (High), CVE-2024-28150 (High), CVE-2024-28151 (Medium), CVE-2024-28152 (Medium), CVE-2024-28153 (High), CVE-2024-28154 (Medium), CVE-2024-28155 (Medium), CVE-2024-28161 (Medium), CVE-2024-28162 (Medium), CVE-2024-2215 (Medium), CVE-2024-2216 (Medium), CVE-2024-28156 (High), CVE-2024-28157 (High), CVE-2024-28158 (Medium), CVE-2024-28159 (Medium), CVE-2024-28160 (High)
Drupal has released security updates to address Access bypass vulnerability in Registration role, a third-party library used in it. The affected versions are Registration role prior to 2.0.1.
Moxa has released security update to address a stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series firmware. The affected versions are Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior.
CVE ID: CVE-2024-1220 (High)
Authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected version is JetBrains TeamCity before 2023.11.4.
CVE ID: CVE-2024-27198 (Critical)
Juniper Networks has released security updates to address an improper handling of exceptional conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved. All versions of Junos OS and Junos OS Evolved are affected.
CVE ID: CVE-2023-44186 (High)
Apple has released security updates to address multiple vulnerabilities in iOS 17.4, iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2024-23243, CVE-2024-23225, CVE-2024-23296, CVE-2024-23256
Google has released Stable channel 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices, LTS channel 114.0.5735.355 (Platform Version: 15437.95.0) for most ChromeOS devices, Chrome 122 (122.0.6261.105) for Android, Stable channel 122.0.6261.111/.112 for Windows & Mac and 122.0.6261.111 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-0225 (High), CVE-2024-1059 (High), CVE-2024-2173 (High), CVE-2024-2174 (High), CVE-2024-2176 (High)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1372 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1369 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1359 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1355 (Critical)
Out-of-Bounds Write vulnerability has been discovered in Santesoft's Equipment- Sante FFT Imaging. The affected versions are Sante FFT Imaging: 1.4.1 and prior. The mitigations are available.
CVE ID: CVE-2024-1696 (High)
Improper Output Neutralization for Logs vulnerability has been discovered in Integration Objects's Equipment- OPC UA Server Toolkit. The affected versions are OPC UA Server Toolkit: 1.0.0 and prior. The mitigations are available.
CVE ID: CVE-2023-7234 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-03-05 or later, address all of these issues.
Mozilla has released a security update to address a vulnerability in Thunderbird 115.8.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-1936 (High)
A SQL injection vulnerability has been discovered in Supabase PostgreSQL. The affected version is Supabase PostgreSQL v15.1.
CVE ID: CVE-2024-24213 (Critical)
RevoWorks has released security updates to address a protection mechanism failure vulnerability in RevoWorks SCVX and RevoWorks Browser. The affected versions are RevoWorks SCVX prior to scvimage4.10.21_1013, and RevoWorks Browser prior to 2.2.95.
CVE ID: CVE-2024-25091 (Low)
A stack based buffer overflow vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B that allows executing arbitrary code. The affected versions are CNCSoft-B 1.0.0.4 and prior.
CVE ID: CVE-2024-1941 (High)
Heap based buffer overflow and out of bounds write vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer that allow to cause memory corruption issues leading to execution of arbitrary code. The affected versions are MicroDicom DICOM Viewer 2023.3 (Build 9342) and prior. The mitigations are available.
CVE ID: CVE-2024-22100 (High), CVE-2024-25578 (High)
It has been observed that Phobos ransomware actors are using Tactics, Techniques and Procedures (TTPs) for bypassing organizational network defense protocols by modifying system firewall configurations. Phobos actors typically gain initial access to vulnerable networks by leveraging phishing campaigns to drop hidden payloads or using Internet Protocol (IP) scanning tools. After the exfiltration phase, Phobos actors then hunt for backups. Cybersecurity and Infrastructure Security Agency (CISA )has released a joint cybersecurity advisory to disseminate IOCs, mitigations for protecting systems and TTPs associated with Phobos ransomware.
Google has released Dev channel 123.0.6312.18 Platform version 15786.10.0 for most ChromeOS devices, Chrome Dev 124 (124.0.6328.0) for Android, Beta channel 123.0.6312.22 for Windows, Mac and Linux, and Chrome Beta 123 (123.0.6312.20) for Android.
It has been observed that cyber threat actors are actively exploiting multiple previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The vulnerabilities affect all supported versions (9.x and 22.x) and can be used in a chain of exploits to enable malicious cyber threat actors to bypass authentication, create malicious requests, and execute arbitrary commands with elevated privileges. Cybersecurity and Infrastructure Security Agency (CISA) has released cybersecurity advisory to disseminate IOCs, mitigations & detection methods to protect affected systems and TTPs associated with threat actors.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical), CVE-2024-21893 (High)
A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
CVE ID: CVE-2024-1251 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda i9. The affected version is Tenda i9 1.0.0.9(4122).
CVE ID: CVE-2024-0996 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda W6. The affected version is Tenda W6 1.0.0.9(4122).
CVE ID: CVE-2024-0995 (Critical)
A path traversal vulnerability has been discovered in Sichuan Yougou Technology KuERP. The affected versions are Sichuan Yougou Technology KuERP up to 1.0.4.
CVE ID: CVE-2024-0989 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda AC10U. The affected version is Tenda AC10U 15.03.06.49_multi_TDE01.
CVE ID: CVE-2024-0931 (Critical)
Cisco has released security updates to address multiple vulnerabilities in its products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20321 (High), CVE-2024-20267 (High), CVE-2024-20344 (Medium), CVE-2024-20291 (Medium), CVE-2024-20294 (Medium)
Drupal has released security updates to address multiple vulnerabilities in 3rd party plugins such as Drupal Symfony Mailer Lite, Node Access Rebuild Progressive, Private content, and Coffee modules.
Google has released Chrome 122 (122.0.6261.90) for Android, Stable channel OS version: 15699.72.0 Browser version: 121.0.6167.212 for most ChromeOS devices, and Chrome Beta 123 (123.0.6312.17) for iOS.
VMware has released security updates to address an out of bounds read vulnerability in VMware Workstation and Fusions. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-22251 (Medium)
A Denial of Service (DoS) vulnerability has been discovered in the Ethernet function of multiple FA product of Mitsubishi Electric. The affected products are MELSEC iQ-F Series. The mitigation is available.
CVE ID: CVE-2023-7033 (Medium)
An OpenSSH Terrapin Attack vulnerability has been discovered in Hitachi Energy Lumada products. The affected products are Lumada EAM, Lumada APM, Lumada RM & Lumada AIP. The mitigation is available.
CVE ID: CVE-2023-48795 (Medium)
Moxa has released security updates to resolve an IP forwarding vulnerability in Moxa EDS-4000/G4000 Series that can bypass access controls or hide the source of malicious requests. The affected versions are EDS-4000/G4000 Series prior to version 3.2.
CVE ID: CVE-2024-0387 (Medium)
SonicWall has released security updates to address improper access control vulnerability in SMA100 SSL-VPN virtual office portal. The affected versions are SMA 100 Series 10.2.1.10-62sv and earlier versions.
CVE ID: CVE-2024-22395 (Medium)
An uncontrolled search path element vulnerability has been discovered in Delta Electronics' Equipment- CNCSoft-B DOPSoft that allows to achieve Remote Code Execution (RCE). The affected versions are CNCSoft-B v1.0.0.4 DOPSoft prior to v4.0.0.82.
CVE ID: CVE-2024-1595 (High)
An authentication bypass vulnerability has been discovered in ConnectWise ScreenConnect that allows access to confidential information or critical systems. The affected versions are ConnectWise ScreenConnect 23.9.7 and prior.
CVE ID: CVE-2024-1709 (Critical)
Juniper has released security updates to address a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in telemetry processing of Juniper Networks Junos OS. An attacker can exploit this vulnerability to take control of an affected system. The affected products are Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S9, 21.1 versions 21.1R1 and later, 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5, 21.4 versions prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S4, 22.2 versions prior to 22.2R3-S2, 22.3 versions prior to 22.3R2-S1, 22.3R3-S1, 22.4 versions prior to 22.4R2-S2, 22.4R3 and 23.1 versions prior to 23.1R2.
CVE ID: CVE-2023-44188 (Medium)
Cisco has released security updates to address an insufficient access control vulnerability in Cisco Unified Intelligence Center that allows to read and modify data in a repository that belongs to an internal service on an affected device.
CVE ID: CVE-2024-20325 (Medium)
Google has released Chrome Beta 123 (123.0.6312.3) for Android, Chrome 123.0.6312.4 Beta channel for Windows, Mac and Linux, Chrome Beta 123 (123.0.6312.2) for iOS and LTC channel version 120.0.6099.294 (Platform Version: 15662.94.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1283 (High), CVE-2024-1284 (High)
A heap corruption vulnerability has been discovered in libgit2 that can be leveraged for arbitrary code execution. The vulnerability has been patched in version 1.6.5 and 1.7.2.
CVE ID: CVE-2024-24577 (Critical)
An arbitrary code execution vulnerability has been discovered in MyQ Print Server. The affected versions are MyQ Print Server before 8.2 patch 43.
CVE ID: CVE-2024-22076 (Critical)
CISA has released top cyber actions for securing Water and Wastewater Systems Sector entities, which run Operational Technology (OT) and Information Technology (IT) systems to reduce cyber risk and improve resilience to cyberattacks.
A double-free vulnerability has been discovered in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23809 (Critical)
An out-of-bounds write vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23606 (Critical)
An use-after-free vulnerability has been discovered in the sopen_FAMOS_read functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23310 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 115.8, Firefox ESR 115.8, and Firefox 123. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-1546 (High), CVE-2024-1547 (High), CVE-2024-1548 (Medium), CVE-2024-1549 (Medium), CVE-2024-1550 (Medium), CVE-2024-1551 (Medium), CVE-2024-1552 (Low), CVE-2024-1553 (High), CVE-2024-1554 (Medium), CVE-2024-1555 (Medium), CVE-2024-1556 (Low), CVE-2024-1557 (High)
Google has released Chrome 122 (122.0.6261.64) for Android, Beta channel 122.0.6261.57 for Windows, Mac and Linux, Chrome Beta 122 (122.0.6261.64) for Android, Chrome Stable 122 (122.0.6261.62) for iOS, and Chrome 122.0.6261.57 for Linux and Mac, 122.0.6261.57/.58 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1669 (High), CVE-2024-1670 (High), CVE-2024-1671 (Medium), CVE-2024-1672 (Medium), CVE-2024-1673 (Medium), CVE-2024-1674 (Medium), CVE-2024-1675 (Medium), CVE-2024-1676 (Low)
Multiple vulnerabilities have been discovered in Commend's Equipment- WS203VICM that allow an attacker to obtain sensitive information or force the system to restart. The affected versions are WS203VICM 1.7 and prior. The mitigation is available.
CVE ID: CVE-2024-22182 (High), CVE-2024-21767 (Critical), CVE-2024-23492 (Medium)
Multiple vulnerabilities have been discovered in CISA's Equipment- Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek that allow Remote Code Execution (RCE). The affected versions are Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior. The mitigations are available.
CVE ID: CVE-2023-7244 (Critical), CVE-2023-7243 (Critical), CVE-2023-7242 (High)
VMware has released security updates to address multiple vulnerabilities in VMware Enhanced Authentication Plug-in (EAP), VMware Aria Operations and VMware Cloud Foundation. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22245 (Critical), CVE-2024-22250 (High), CVE-2024-22235 (Medium)
An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
CVE ID: CVE-2024-25579 (Medium)
Multiple vulnerabilities have been discovered in ELECOM wireless LAN routers. The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
CVE ID: CVE-2024-21798 (Medium), CVE-2024-23910 (Medium)
A Remote Code Execution (RCE) vulnerability due to Microsoft Message Queuing service on Microsoft Windows exists in Electrical discharge machines of Mitsubishi Electric. The mitigation is available.
CVE ID: CVE-2023-21554 (Critical)
An arbitrary command execution vulnerability has been discovered due to insecure deserialization in Torrentpier. The affected version is Torrentpier 2.4.1.
CVE ID: CVE-2024-1651 (Critical)
An OS command injection vulnerability has been discovered in Loomio that allows executing arbitrary commands on the server. The affected version is Loomio 2.22.0.
CVE ID: CVE-2024-1297 (Critical)
A privilege escalation vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform (FTSP). The affected products are FactoryTalk® Service Platform software version prior to v2.74. Security updates are available.
CVE ID: CVE-2024-21915 (Critical)
Google has updated the Stable channel to OS version 15699.66.0 Browser version 121.0.6167.188 for most ChromeOS devices and LTS channel to 114.0.5735.351 Platform Version: 15437.91.0 to resolve multiple vulnerabilities.
CVE ID: CVE: CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2023-51042 (High), CVE-2023-6931 (High), CVE-2023-6817 (High), CVE-2023-46813 (High), CVE-2023-6932 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
Oracle has released its critical patch update for January 2024 to address 389 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
SolarWinds has released a security update to address multiple vulnerabilities in Access Rights Manager. The affected versions are SolarWinds Access Rights Manager (ARM) 2023.2.2 and prior versions.
CVE ID: CVE-2023-40057 (Critical), CVE-2024-23476 (Critical), CVE-2024-23477 (High), CVE-2024-23478 (High), CVE-2024-23479 (Critical)
Google has released Chrome 122 (122.0.6261.43) for Android, Chrome Beta 122 (122.0.6261.47) for iOS, Chrome Stable 122 (122.0.6261.48) for iOS, Stable channel 122.0.6261.39 for Windows & 122.0.6261.49 for Mac, Beta channel 122.0.6261.39 for Windows, Mac & Linux, and Chrome Beta 122 (122.0.6261.43) for Android.
It has been discovered that the functionality for file download in HGiga OAKlouds' contains an arbitrary file read and delete vulnerability.
CVE ID: CVE-2024-26261 (Critical)
It has been discovered that the functionality for synchronization in HGiga OAKlouds' has an OS command injection vulnerability that allows to inject system commands within specific request parameters.
CVE ID: CVE-2024-26260 (Critical)
An improper authentication vulnerability has been discovered in SonicWall SonicOS SSL-VPN feature. The affected version is SonicOS 7.1.1-7040.
CVE ID: CVE-2024-22394 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Axigen WebMail that allows to escalate privileges. The affected versions are Axigen WebMail v.10.5.7 and before.
CVE ID: CVE-2023-48974 (Critical)
A vulnerability has been discovered in SQLAlchemyDA that allows unauthenticated execution of arbitrary SQL statements on the database. The affected products are SQLAlchemyDA versions prior to 2.2.
CVE ID: CVE-2024-24811 (Critical)
An unrestricted upload vulnerability has been discovered in Juanpao JPShop. The affected versions are Juanpao JPShop up to 1.5.02.
CVE ID: CVE-2024-1264 (Critical)
A buffer overflow vulnerability has been discovered in Tenda AC9. The affected version is Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi.
CVE ID: CVE-2024-24543 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability in CKEditor 4 LTS - WYSIWYG HTML editor, a third-party library used in it. The affected versions are CKEditor 4 LTS - WYSIWYG HTML editor 1.0.0 and below 1.0.1.
CVE ID: CVE-2024-24815
Siemens has released Security Updates to address multiple vulnerabilities in its products. These updates as per OEM recommendations may be implemented.
An information disclosure vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-R Series Safety CPU and SIL2 Process CPU module. All versions of MELSEC iQ-R Series Safety CPU and MELSEC iQ-R Series SIL2 Process CPU are affected. The mitigation is available.
CVE ID: CVE-2023-6815 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20738 (Critical),CVE-2024-20739 (High), CVE-2024-20750 (High), CVE-2024-20719 (Critical), CVE-2024-20720 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-21364 (Critical), CVE-2024-21376 (Critical), CVE-2024-21401 (Critical), CVE-2024-21403 (Critical), CVE-2024-21410 (Critical), CVE-2024-21413 (Critical)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-50868 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-50387 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-6516 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5680 (Medium)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5679 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-5517 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2023-4408 (High)
Google has released Chrome 121 (121.0.6167.178) for Android, Extended Stable channel 120.0.6099.291 for Windows & Mac, Stable channel 121.0.6167.184 for Mac & Linux and 121.0.6167.184/185 to Windows.
Arbitrary code execution vulnerability has been discovered in Malwarebytes Binisoft Windows Firewall Control. The affected versions are Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2.
CVE ID: CVE-2024-25089 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24021 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24017 (Critical)
A vulnerability has been discovered in Johnson Controls impacting IQ Panel 4 and IQ4 Hub, which allows unauthorized access to settings. All versions of IQ Panel 4 prior to 4.4.2 and all versions of IQ4 Hub prior to 4.4.2 are affected. The mitigations are available.
CVE ID: CVE-2024-0242
An out-of-bounds write vulnerability has been discovered in FortiOS that can allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. The updates are available.
CVE ID: CVE-2024-21762 (Critical)
An use of externally-controlled format string vulnerability has been discovered in FortiOS fgfmd daemon that can allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The updates are available.
CVE ID: CVE-2024-23113 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23109 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23108 (Critical)
A SQL injection vulnerability has been discovered in Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin. The affected versions are Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin versions up to, and including, 3.7.1.
CVE ID: CVE-2024-0685 (Critical)
A vulnerability has been discovered in Vinchin Backup & Recovery that allows to be configured with default root credentials. The affected version is Vinchin Backup & Recovery v7.2.
CVE ID: CVE-2024-22902 (Critical)
A vulnerability has been discovered in Vinchin Backup & Recovery due to the use of default MYSQL credentials. The affected version is Vinchin Backup & Recovery v7.2.
CVE ID: CVE-2024-22901 (Critical)
A vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform that allows to obtain the service token and use it for authentication on another FTSP directory.
CVE ID: CVE-2024-21917 (Critical)
Cisco has released security updates to address multiple Cross Site Request Forgery (CSRF) vulnerabilities in Cisco Expressway Series. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20252 (Critical), CVE-2024-20254 (Critical), CVE-2024-20255 (High)
Google has released Chrome Beta 122 (122.0.6261.27) for Android, Chrome Stable 121 (121.0.6167.171) for iOS, Beta channel 122.0.6261.29 for Windows, Mac & Linux, LTC-120 version 120.0.6099.272 (Platform Version: 15662.88.0) for most ChromeOS devices, Chrome Beta 122 (122.0.6261.26) for iOS and Stable channel OS version 15699.58.0 Browser version 121.0.6167.159 for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1280 (Medium), CVE-2024-1281 (Medium), CVE-2024-25556 (Medium), CVE-2024-25557 (Medium), CVE-2024-25558 (Medium), CVE-2023-6817 (Medium), CVE-2023-6932 (Medium), CVE-2024-0806 (Medium), CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2024-0813 (Medium), CVE-2024-0814 (Medium), CVE-2024-0809 (Low), CVE-2024-0811 (Low)
Cisco has released security updates to address a Denial of Service (DoS) vulnerability in ClamAV OLE2 File Format Parser.
CVE ID: CVE-2024-20290 (High)
GitLab has released updated versions 16.8.2, 16.7.5, and 16.6.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2024-1250 (Medium), CVE-2023-6840 (Medium), CVE-2023-6386 (Medium), CVE-2024-1066 (Medium)
JetBrains has released security update for TeamCity On-Premises to address a vulnerability that allow unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server. All versions of TeamCity On-Premises from 2017.1 through 2023.11.2 are affected.
CVE ID: CVE-2024-23917 (Critical)
Remote code execution vulnerability has been discovered in IBM Operational Decision Manager. The affected versions are IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1.
CVE ID: CVE-2024-22319 (Critical)
Arbitrary command execution vulnerability has been discovered in Notion Web Clipper. The affected version is Notion Web Clipper 1.0.3(7).
CVE ID: CVE-2024-23745 (Critical)
Improper Authorization vulnerability has been discoveerd in HID Global's Equipment- iCLASS SE, OMNIKEY. All versions of iCLASS SE CP1000 Encoder, iCLASS SE Readers, iCLASS SE Reader Modules, iCLASS SE Processors, OMNIKEY 5427CK Readers, OMNIKEY 5127CK Readers, OMNIKEY 5023 Readers, and OMNIKEY 5027 Readers are affected.
CVE ID: CVE-2024-22388 (Medium)
Improper Authorization vulnerability has been discovered in HID Global's Equipment- Reader Configuration Cards. All versions of HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards are affected.
CVE ID: CVE-2024-23806 (Medium)
Cisco has released security updates to address Snort access control policy bypass vulnerability in multiple Cisco products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-20246 (Medium)
VMware has released security updates to address multiple vulnerabilities in VMware Aria Operations for Networks. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22237 (High), CVE-2024-22238 (Medium), CVE-2024-22239 (Medium), CVE-2024-22240 (Medium), CVE-2024-22241 (Medium)
Google has released Chrome 121 (121.0.6167.164) for Android, Stable channel 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 for Windows, and Extended Stable channel 120.0.6099.283 for Windows and Mac.
CVE ID: CVE-2024-1284 (High), High CVE-2024-1283 (High)
Authentication bypass vulnerability has been discovered in the Admin UI component of CrateDB. The affected version is CrateDB 5.5.1.
CVE ID: CVE-2023-51982 (Critical)
A SQL injection vulnerability has been discovered in the 'HTML5 Video Player' WordPress Plugin. The affected versions are 'HTML5 Video Player' WordPress Plugin prior to 2.5.25.
CVE ID: CVE-2024-1061 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-02-05 or later, address all of these issues.
Docker has released security updates to resolve multiple vulnerabilities in several products. The affected versions are runc 1.1.11 and below, BuildKit 0.12.4 and below, Moby (Docker Engine) 25.0.1 and below and 24.0.8 and below, and Docker Desktop 4.27.0 and below.
CVE ID: CVE-2024-21626 (High), CVE-2024-23651 (High), CVE-2024-23652 (High), CVE-2024-23653 (High), CVE-2024-23650 (Medium), CVE-2024-24557 (Medium)
Privilege escalation, and Server-side request forgery vulnerabilities have been discovered in Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways are affected. The patches and mitigations are available.
CVE ID: CVE-2024-21888 (High), CVE-2024-21893 (High)
An uncontrolled search path element vulnerabilitiy have been discovered in AVEVA's Equipment- AVEVA Edge products aka InduSoft Web Studio that results in achieving arbitrary code execution and privilege escalation . The affected versions are AVEVA Edge 2020 R2 SP2 and prior. The mitigation is available.
CVE ID: CVE-2023-6132 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 121.0.2277.98) and Microsoft Edge Extended Stable Channel (120.0.2210.167) to resolve vulnerability.
CVE ID: CVE-2024-21399 (High)
Multiple vulnerabilities have been discovered in Gessler GmbH's Equipment- WEB-MASTER. The affected version is WEB-MASTER 7.9. The mitigation is available.
CVE ID: CVE-2024-1039 (Critical), CVE-2024-1040 (Medium)
An integer underflow vulnerability has been discovered in WebUI of Google Chrome, which allows heap corruption via a malicious file. The affected versions are WebUI of Google Chrome prior to 121.0.6167.85. Security updates are available.
CVE ID: CVE-2024-0808 (Critical)
A SQL injection vulnerability has been discovered in Webkul Bundle Product that allows to execute arbitrary code. The affected version is Webkul Bundle Product 6.0.1.
CVE ID: CVE-2023-51210 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK A3700R_V9.1.2u.6165_20211012.
CVE ID: CVE-2024-22662 (Critical)
An authentication bypass vulnerability has been discovered in Fortra's GoAnywhere MFT. The affected versions are Fortra GoAnywhere MFT prior to 7.4.1.
CVE ID: CVE-2024-0204 (Critical)
An authentication bypass vulnerability has been discovered in darkhttpd. The affected versions are darkhttpd before 1.15.
CVE ID: CVE-2024-23771 (Critical)
An arbitrary code execution vulnerability has been discovered in OpenAPI loader for Embedchain. The affected versions are OpenAPI loader ifor Embedchain before 0.1.57.
CVE ID: CVE-2024-23731 (Critical)
A session fixation vulnerability has been discovered in Enonic XP. The affected versions are Enonic XP versions less than 7.7.4.
CVE ID: CVE-2024-23679 (Critical)
Microsoft Edge (Chromium-based) has released Microsoft Edge Stable Channel (Version 121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to resolve elevation of privilege vulnerability which can lead to a full compromise of the browser.
CVE ID: CVE-2024-21326 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High), CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903 (Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904 (High)
Cisco has released security updates to resolve bypass vulnerability in Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches.
CVE ID: CVE-2024-20263 (Medium)
Cisco has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection.
CVE ID: CVE-2024-20305 (Medium)
A critical vulnerability has been discovered in multiple Cisco Unified Communications and Contact Center Solutions products. Successful exploitation can allow to execute arbitrary code on an affected device.
CVE ID: CVE-2024-20253 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
An unsafe reflection vulnerability has been discovered in GitHub Enterprise Server that can lead to reflection injection. All versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-0200 (Critical)
A critical vulnerability has been discovered in Totolink that leads to improper access controls. The affected version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
Multiple vulnerabilities have been discovered in Voltronic Power's Equipment- ViewPower Pro. The affected version is ViewPower Pro 2.0-22165.
CVE ID: CVE-2023-51570 (Critical), CVE-2023-51571 (High), CVE-2023-51572 (Critical), CVE-2023-51573 (Critical)
An improper access control vulnerability has been discovered in APsystems' Equipment- Energy communication Unit (ECU-C) Power Control Software. The affected versions are Energy Communication Unit Power Control Software: C1.2.2, v3.11.4, W2.1.NA, v4.1SAA and v4.1NA.
CVE ID: CVE-2022-44037 (High)
Crestron has released a security update to address an OS command injection vulnerability in its equipment- AM-300. The affected version is AM-300 1.4499.00018.
CVE ID: CVE-2023-6926 (High)
Multiple vulnerabilities have been discovered in Westermo's equipment- Lynx 206-F2G. The affected versions are Lynx: Model Version L206-F2G1, and Lynx: Firmware Version 4.24. The mitigation is available.
CVE ID: CVE-2023-40143 (Medium), CVE-2023-45222 (Medium), CVE-2023-45735 (High), CVE-2023-45213 (Medium), CVE-2023-42765 (Medium), CVE-2023-40544 (Medium), CVE-2023-38579 (High), CVE-2023-45227 (Medium)
A weak encoding for password vulnerability has been discovered in Lantronix's Equipment- XPort. The affected version is XPort Device Server Configuration Manager 2.0.0.13.
CVE ID: CVE-2023-7237 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in Orthanc's Equipment- Osimis Web Viewer. The affected version is Osimis WebViewer 1.4.2.0-9d9eff4. The mitigation is available.
CVE ID: CVE-2023-7238 (High)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOlink. The affected version is TOTOlink EX1200T V4.1.2cu.5232_B20210713.
CVE ID: CVE-2023-52032 (Critical)
An arbitrary code execution vulnerability has been discovered in D-Link. The affected version is D-Link dir815 v.1.01SSb08.bin.
CVE ID: CVE-2023-51123 (Critical)
An integer overflow vulnerability has been discovered in Redis that leads to heap overflow and potential Remote Code Execution (RCE). Security updates are available.
CVE ID: CVE-2023-41056 (Critical)
Microsoft has released security update to address vulnerability in Microsoft Edge Stable Channel (Version 120.0.2210.144) to resolve a vulnerability.
CVE ID: CVE-2024-0519
Google has released Chrome Stable 121 (121.0.6167.66) for iOS, Chrome Beta 121 (121.0.6167.71) for Android, Stable channel 121.0.6167.75 for Windows and Mac, and Beta channel 121.0.6167.75 for Windows, Mac and Linux.
Trend Micro has released a security update to address local privilege escalation vulnerabilities in Trend Micro Deep Security Agent, Platform: Windows. The affected version is Trend Micro Deep Security Agent (Including Cloud One - Endpoint and Workload Security) 20.0.
CVE ID: CVE-2023-52337 (High), CVE-2023-52338 (High)
A SQL injection vulnerability has been discovered in soxft TimeMail. The affected versions are soxft TimeMail up to 1.1.
CVE ID: CVE-2024-0344 (Critical)
VMware has released security updates to address a missing access control vulnerability in VMware Aria Automation & VMware Cloud Foundation. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2023-34063 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-26031 (High), CVE-2023-29258 (High), CVE-2023-45178 (High), CVE-2023-45287 (High), CVE-2023-46167 (High), CVE-2023-6337 (High), CVE-2023-6534 (High), CVE-2023-7104 (High)
A command injection vulnerability has been discovered in Tenda AX1803. The affected version is Tenda AX1803 v1.0.0.1.
CVE ID: CVE-2023-51972 (Critical)
Cisco has released security update to address multiple vulnerabilities in Cisco TelePresence Management Suite. The affected versions are Cisco TelePresence Management Suite earlier than 15.13.6.
CVE ID: CVE-2023-20248, CVE-2023-20249
A stack overflow vulnerability has been discovered in TRENDnet that leads to arbitrary command execution. The affected version is TRENDnet TV-IP1314PI 5.5.3 200714.
CVE ID: CVE-2023-49236 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.133) to resolve vulnerabilities.
CVE ID: CVE-2024-21337 (Medium), CVE-2024-20709, CVE-2024-20721, CVE-2024-20675 (Medium)
A buffer overflow vulnerability has been discovered in Totolink X2000R. The affected version is Totolink X2000R 1.0.0-B20221212.1452.
CVE ID: CVE-2023-7222 (Critical)
An arbitrary code execution vulnerability has been discovered that causes Denial of Service (DoS) in NetScout nGeniusOne. The affected version is NetScout nGeniusOne v.6.3.4.
CVE ID: CVE-2023-26999 (Critical)
An out of bounds read vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0322 (Critical)
A stack based buffer overflow vulnerability has been discovered in the GitHub repository gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0321 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in Youke365. The affected versions are Youke365 up to 1.5.3.
CVE ID: CVE-2024-0304 (Critical)
A vulnerability has been discovered in DeDeCMS that leads to unrestricted uploading. The affected versions are DeDeCMS up to 5.7.112.
CVE ID: CVE-2023-7212 (Critical)
A stack based buffer overflow vulnerability has been discovered in Horner Automation's Equipment- Cscape that allows to execute arbitrary code. The affected versions are Cscape 9.90 SP10 and prior.
CVE ID: CVE-2023-7206 (High)
Google has released Dev channel 122.0.6226.0 (Platform version: 15739.0.0) for most ChromeOS devices, Chrome Dev 122 (122.0.6238.3) for Android and Dev channel 122.0.6238.2 for Windows, Mac & Linux.
Juniper has released security updates to address a missing release of memory after effective lifetime vulnerability in the Routing Protocol Daemon (RDP) of Juniper Networks Junos OS and Junos OS Evolved that allows to cause a Denial of Service (DoS) condition.
CVE ID: CVE-2024-21611 (High)
A use after free vulnerability has been discovered in Lotos WebServer. The affected versions are Lotos WebServer through 0.1.1.
CVE ID: CVE-2024-22088 (Critical)
A Remote Code Execution(RCE) vulnerability has been discovered in Tenda AX3. The affected version is Tenda AX3 v16.03.12.11.
CVE ID: CVE-2023-51812 (Critical)
A path traversal vulnerability has been discovered in Arcserve UDP. The affected versions are Arcserve UDP prior to 9.2.
CVE ID: CVE-2023-42000 (Critical)
The authentication bypass and command injection vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure Gateways. All versions of Version 9.x and 22.x of Ivanti Connect Secure and Ivanti Policy Secure Gateways are affected. The mitigation is available.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical)
Cisco has released security updates to address an unauthenticated arbitrary file Upload vulnerability in Cisco Unity Connection. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-20272 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) and access bypass vulnerabilities in File entity, a third-party library used in it.
Google has released Beta channel 121.0.6167.57 for Windows, Mac & Linux, Chrome Beta 121 (121.0.6167.56) for iOS, Beta channel OS version: 15699.29.0, Browser version: 121.0.6167.49 for most ChromeOS devices, Chrome Beta 121 (121.0.6167.57) for Android and LTS channel 114.0.5735.346 (Platform Version: 15437.84.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-5197 (High), CVE-2023-5851 (Medium), CVE-2023-5852 (Medium), CVE-2023-5855 (Medium)
Trend Micro has released security updates to address local privilege escalation vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service, Platform: Windows. The affected versions are Trend Micro Apex One 2019 (On-prem) and Trend Micro Apex One as a Service SaaS.
CVE ID: CVE-2023-52090 (High), CVE-2023-52091 (High), CVE-2023-52092 (High), CVE-2023-52093 (High), CVE-2023-52094 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-49621 (Critical), CVE-2023-51438 (Critical), CVE-2023-45871 (Critical), CVE-2023-45853 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-49583 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-50423 (Critical), CVE-2023-50424 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-0057 (Critical), CVE-2024-20674 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Substance 3D Stager. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium), CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)
An improper privilege management vulnerability has been discovered in FortiOS and FortiProxy. The affected versions are FortiOS 7.4, FortiOS 7.2, and FortiProxy 7.4. Security updates are available.
CVE ID: CVE-2023-44250 (High)
Google has released Chrome 120 (120.0.6099.210) for Android, and Stable channel 120.0.6099.216 for Mac, Linux and 120.0.6099.216/217 to Windows to resolve vulnerability.
CVE ID: CVE-2024-0333 (High)
Schneider Electric's has released security updates to address Deserialization of untrusted data vulnerability in Easergy Studio product. The affected versions are Easergy Studio prior to v9.3.5.
CVE ID: CVE-2023-7032 (High)
A vulnerability has been discovered in PAN-OS software that allows to intercept SSH traffic on the PAN-OS management network causes Machine in the Middle (MitM) attacks.
CVE ID: CVE-2023-48795
A privilege escalation vulnerability has been discovered in SpringBlade. The affected versions are SpringBlade v.3.7.0 and before.
CVE ID: CVE-2023-47458 (Critical)
Google has released Stable channel 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-6508 (High), CVE-2023-6509 (High), CVE-2023-6511 (Low), CVE-2023-39191 (Medium)
A deserialization of untrusted data vulnerability has been discovered in Presslabs Theme per user. The affected versions are Theme per user: from n/a through 1.0.1.
CVE ID: CVE-2023-52181 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOLINK X6000R. The affected version is TOTOLINK X6000R v9.4.0cu.852_B20230719.
CVE ID: CVE-2023-50651 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK X2000R Gh. The affected version is TOTOLINK X2000R Gh v1.0.0-B20230221.0948.
CVE ID: CVE-2023-51136 (Critical)
A SQL injection vulnerability has been discovered in Grupo Embras GEOSIAP ERP. The affected version is Grupo Embras GEOSIAP ERP v2.2.167.02.
CVE ID: CVE-2023-50589 (Critical)
A Server Side Template Injection (SSTI) vulnerability has been discovered in jeecg-boot that allows to execute arbitrary code via crafted HTTP request. The affected version is jeecg-boot version 3.5.3.
CVE ID: CVE-2023-41544 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.121) to resolve vulnerabilities.
CVE ID: CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-2976 (Medium), CVE-2020-36518 (High), CVE-2022-42004 (Medium), CVE-2022-42003 (Medium)
Google has released Chrome Beta 121 (121.0.6167.48) for iOS, Beta channel 121.0.6167.47 for Windows, Mac and Linux, Chrome Beta 121 (121.0.6167.47) for Android and Dev channel OS version: 15699.25.0, Browser version: 121.0.6167.40 for most ChromeOS devices.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later, address all of these issues.
Android has released a security bulletin to resolve multiple vulnerabilities affecting several Android devices. Security patch levels of 2024-01-05 or later address all of these issues.
Google has released Chrome 120 (120.0.6099.193) for Android and Stable channel 120.0.6099.199 for Mac & Linux and 120.0.6099.199/200 for Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2024-0222 (High), CVE-2024-0223 (High), CVE-2024-0224 (High), CVE-2024-0225 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. Security updates are available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system. The updates are available.
Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting several devices.
CVE ID: CVE-2023-33032 (Critical), CVE-2023-33030 (Critical), CVE-2023-33025 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-44483 (Medium), CVE-2023-44487 (High), CVE-2023-46158 (Medium), CVE-2023-45857 (High), CVE-2021-28165 (High), CVE-2020-27216 (High)