CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL
Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access
CVE-2024-25110 : AZURE AZURE-UAMQP-C 1.0 OPEN_GET_OFFERED_CAPABILITIES USE AFTER FREE
Description The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation
CVE-2024-24573 : WILLYXJ FACILEMANAGER UP TO 4.5.0 POST REQUEST PROCESSPOST.PHP AUTHORIZATION
Description facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier,
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
CVE-2023-6270 : LINUX KERNEL ATA OVER ETHERNET DRIVER AOECMD_CFG_PKTS USE AFTER FREE
Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly
CVE-2023-48239 : NEXTCLOUD SERVER/ENTERPRISE SERVER UP TO 27.1.3 EXTERNAL STORAGE ACCESS CONTROL
Description Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to
CVE-2022-42920 : ORACLE UTILITIES APPLICATION FRAMEWORK UP TO 4.2.0.3.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0 GENERAL REMOTE CODE EXECUTION
Description Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due
CVE-2023-32485 : Dell SmartFabric Storage Software Up To 1.3 Input Validation
Description Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may
CVE-2022-38777 : ELASTIC ENDPOINT SECURITY ON WINDOWS PRIVILEGES MANAGEMENT
Description An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
OWASP Top 10 API security
The OWASP Top 10 API security is a classification of the most common attacks on the web. The vulnerabilities exploited
CVE-2021-44228 – Apache log4j up to 2.14.1 JNDI LDAP Server Lookup format string
Zero-Day RCE Vulnerability CVE-2021-44228 aka Critical Apache Log4j Remote Code Execution Vulnerability(Log4Shell)Affects Java Background on Apache log4j Apache log4j 2
OWASP 2021 Detailed Report: See What’s Changed!
Everyone knowing about OWASP must be curious about what’s modified withinside the Top 10 for 2021. Here’s What’s New in
Intel BSSA DFT initialization [CVE-2021-0144]
A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[‘REQUEST_URI’] before
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
CVE-2021-24373
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console’s Filtered Asset Search feature. A specific
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
The following table lists Cisco products that are affected by the vulnerabilities that are described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product
Cisco Bug ID
Fixed Release Availability
Cisco Adaptive Security Appliance (ASA) SoftwareAffected features: Clientless WebVPN and AnyConnect VPN (only when SSO is enabled)
CSCvx73164
9.8.4.38 (Jun 2021)9.12.4.24 (available)9.14.3 (Jun 2021)9.15.1.15 (available)9.16.1.3 (available)
Cisco Content Security Management Appliance (SMA)Affected feature: Web-based management interface (only when SSO is enabled)
CSCvx73156
13.8.1 (available)14.1.0 (Jul 2021)
Cisco Email Security Appliance (ESA)Affected feature: Web-based management interface (only when SSO is enabled)
CSCvx73154
14.0.0-692 GD (available)
Cisco FXOS Software
CSCvx73164
2.2.2.149 (Jul 2021)2.3.1.216 (Jul 2021)2.6.1.230 (Jul 2021)2.7.1.143 (available)2.8.1.152 (available)2.9.1.143 (available)
Cisco Web Security Appliance (WSA)
CSCvx73157
14.0.1 (Sep 2021)
Cisco Firepower Threat Defense (FTD) SoftwareAffected feature: AnyConnect VPN (only when SSO is enabled)1
CSCvx73164
6.4.0.12 (available)6.6.5 (Jul 2021)6.7.0.2 (available)7.0.0 (available)
Cisco Prime Collaboration Assurance
CSCvx73162
12.1 SP4 ES (TBD)
1. The AnyConnect VPN is configurable only through FlexConfig for Cisco FTD releases earlier than Release 6.7.
The Cisco software releases listed in the following table have reached end of software maintenance. Customers are advised to migrate to a supported release that includes the fix for this vulnerability.
Cisco Software
End-of-Life Releases
ASA Software
9.7 and earlier9.99.109.13
FXOS Software
2.4.12.7.1
FTD Software
6.0.1 and earlier 6.2.06.2.16.5
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following products and services:
Network and Content Security Devices
Cisco AMP Virtual Private Cloud Appliance
Network Management and Provisioning
Cisco Prime Collaboration Provisioning
Unified Computing
Cisco UCS B-Series M5 Blade Servers
Cisco UCS C-Series M5 Rack Servers – Managed
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Video Surveillance Media Server
Cisco Video Surveillance Operations Manager
Cisco Vision Dynamic Signage Director
WAF role security
Prophaze WAF Role Security Reliable, Automated Blocking Prophaze WAF 3.0 is a Distributed proactive web security platform designed to defend
Kubernetes Infrastructure Security
Security should extend beyond images and workloads and defend the complete environment, as well as the cluster infrastructure. You want
Kubernetes Security: Build Phase
Overview : Kubernetes Security: Build Phase Securing containers and Kubernetes starts within the building part with securing your container images.
Kubernetes security risks and challenges
Overview : Around 87% of organizations are using Kubernetes container orchestration to manage their container workloads. Each of the security