Author: DEFENDEDGE
-
Vulnerability Summary for the Week of August 21, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info qemu — qemu The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed… Read more
-
CISA’s VDP Platform 2022 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP platform… Read more
-
Vulnerability Summary for the Week of August 14, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info foldingathome — client_advanced_control An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. 2023-08-11 9.8 CVE-2020-27544MISC sourcecodester — school_faculty_scheduling_system SQL Injection vulnerability… Read more
-
Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS
Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to cause a denial-of service condition. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates. Read more
-
Atlassian Releases Security Update for Confluence Server and Data Center
Atlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update. Read more
-
Vulnerability Summary for the Week of August 7, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info phoenixcontact — wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request releated to date/time operations to gain full… Read more
-
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid ICSA-23-222-04 Siemens Software Center ICSA-23-222-05 Siemens RUGGEDCOM CROSSBOW ICSA-23-222-06… Read more
-
Vulnerability Summary for the Week of July 31, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info yunyecms — yunyecms SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. 2023-07-31 9.8 CVE-2020-21662MISC raspap — raspap A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary… Read more
-
CISA Releases its Cybersecurity Strategic Plan
Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability: Increase visibility into, and ability to disrupt, cybersecurity threats and campaigns Coordinate disclosure… Read more
-
2022 Top Routinely Exploited Vulnerabilities
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ)… Read more