Author: DEFENDEDGE

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix… Read more

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 3ds — teamwork_cloud_no_magic_release A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. 2023-10-09… Read more

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors… Read more

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov… Read more

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — agent Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. 2023-10-04 7.8 CVE-2023-44209MISC acronis — cyber_protect_home_office Sensitive information disclosure and manipulation due to missing authorization.… Read more

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accusoft — imagegear An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-32284MISC accusoft… Read more

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. 2023-09-20 7.5 CVE-2023-5042MISC apple — multiple_products The issue was addressed with improved checks. This issue… Read more

Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisories for Thunderbird 115.3, Firefox ESR 115.3 and Firefox 118 for more information and apply the necessary updates. Read more

Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware.… Read more

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) are releasing this joint cybersecurity… Read more