-
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security…
-
Nedap Librix Ecoreader
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Nedap Librix Equipment: Ecoreader Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Ecoreader are affected: Ecoreader: All versions 3.2…
-
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap Librix Ecoreader CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Go…
-
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query…
-
Google’s Willow Quantum Chip and Its Potential Threat to Current Encryption Standards
Introduction: Google’s recent announcement of their Willow quantum processor marks a significant advancement in quantum computing technology while raising questions about the security and sustainability of current encryption methods. As quantum computers grow more powerful, cybersecurity experts grow increasingly concerned about their potential to break widely used encryption standards that protect sensitive data worldwide. Quantum…
-
US Treasury Department Sanctions Chinese Company Over Cyberattacks
From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere. From the Washington Post: The sanctions target Beijing Integrity Technology…
-
CVE-2025-0301 – Online Book Shop Cross Site Scripting (XSS)
CVE ID : CVE-2025-0301 Published : Jan. 7, 2025, 6:15 p.m. | 1 hour, 30 minutes ago Description : A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site…
-
CVE-2024-40427 – PX4-Autopilot Stack Buffer Overflow
CVE ID : CVE-2024-40427 Published : Jan. 7, 2025, 7:15 p.m. | 30 minutes ago Description : Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected…
-
CVE-2024-55413 – SUNIX Parallel Driver x64 uninitialized IOCTL Request Vulnerability (Privilege Escalation, Code Execution, Information Disclosure)
CVE ID : CVE-2024-55413 Published : Jan. 7, 2025, 6:15 p.m. | 1 hour, 30 minutes ago Description : A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 – 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code…
-
CVE-2024-55414 – Motorola SM56 Modem WDM Driver Privilege Escalationlsa
CVE ID : CVE-2024-55414 Published : Jan. 7, 2025, 6:15 p.m. | 1 hour, 30 minutes ago Description : A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high…