CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-5631 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Note: To view other newly added vulnerabilities in the catalog, click on the


VMware Releases Security Advisory for vCenter Server

VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting the VMware vCenter Server and (CVE-2023-34056) affecting VMware Cloud Foundation. A remote cyber actor could exploit these vulnerabilities to obtain information or take control of an affected system. CISA encourages users and administrators to review the VMware vCenter Server Out-of-Bounds Write Vulnerability VMSA-2023-0023 advisory and apply the


Apple Releases Security Advisories for Multiple Products


ICS Advisory: Sielco PolyEco FM Transmitter

1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Sielco
  • Equipment: PolyEco1000
  • Vulnerabilities: Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, access restricted pages, or hijack sessions.

3. TECHNICAL


ICS Advisory: Sielco Radio Link and Analog FM Transmitters

1. EXECUTIVE SUMMARY

  • CVSS v3 9.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Sielco
  • Equipment: Analog FM Transmitters and Radio Link
  • Vulnerabilities: Improper Access Control, Cross-Site Request Forgery, Privilege Defined with Unsafe Actions

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, access restricted pages
