Category: alerts

  • Cisco Releases Security Advisory for Unified CM and Unified CM SME

    Original release date: January 20, 2023
    Cisco released a security advisory for a vulnerability affecting Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.…

  • Vulnerability Summary for the Week of January 9, 2023

    Original release date: January 16, 2023 | Last revised: January 17, 2023
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    web-cyradm_project — web-cyradm | A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The…

  • Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

    Original release date: January 12, 2023
    Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply…

  • NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services

    Original release date: January 11, 2023
    The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management…

  • Vulnerability Summary for the Week of January 2, 2023

    Original release date: January 9, 2023 | Last revised: January 10, 2023
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    synology — vpn_plus_server | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified…

  • CISA Releases Three Industrial Systems Control Advisories

    Original release date: January 5, 2023
    CISA released three Industrial Control Systems (ICS) advisories on January 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-005-01 Hitachi Energy UNEM ICSA-23-005-02 Hitachi…

  • Fortinet Releases Security Updates for FortiADC

    Original release date: January 4, 2023
    Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-061 and apply the recommended updates. This…

  • Vulnerability Summary for the Week of December 26, 2022

    Original release date: January 4, 2023
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    dlink — dir-846_firmware | D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. | 2022-12-23 | 9.9 | CVE-2022-46641 MISC MISC
    dlink — dir-846_firmware | D-Link DIR-846 A1_FW100A43 was…

  • Vulnerability Summary for the Week of December 19, 2022

    Original release date: December 28, 2022
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    greenend — sftpserver | ** DISPUTED ** A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads…

  • Vulnerability Summary for the Week of December 12, 2022

    Original release date: December 19, 2022
    High Vulnerabilities
    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    hp — futuresmart_5 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products. | 2022-12-12…