Search
Close this search box.
Login
Login
Login
Search
Close this search box.

Cyber Security News

CIS Security Advisories

CIS Security News

CISA News

ISACA SmartBrief

RSS Cyber Security Advisories – MS-ISAC
  • Multiple Vulnerabilities in Microsoft Edge (Chromium-based) Could Allow for Arbitrary Code Execution 2024-10-18
    Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2024-10-16
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install […]
  • Oracle Quarterly Critical Patches Issued October 15, 2024 2024-10-16
    Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
  • Multiple Vulnerabilities in Palo Alto Network’s Expedition Could Allow for Arbitrary Code Execution 2024-10-14
    Multiple Vulnerabilities in Palo Alto Network’s Expedition have been discovered, the most severe of which could allow for arbitrary code execution on Palo Alto Firewalls. Palo Alto Network’s Expedition is a migration tool designed to help organizations move configurations from other firewall platforms to Palo Alto’s PAN-OS. Successful exploitation of these vulnerabilities could allow for […]
  • A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution 2024-10-10
    A vulnerability has been discovered in Mozilla Firefox which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create […]
  • Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution 2024-10-09
    Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti EPMM is a mobile device management solution designed to secure mobile devices, apps and content.Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet.Ivanti Velocity License Server […]
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2024-10-08
    Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install […]
  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2024-10-08
    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.Adobe is a software that is used for creating and publishing a wide variety of contents including graphics, photography, illustration, animation, multimedia, motion pictures and print.Successful exploitation of the most severe of these vulnerabilities could allow for […]
  • Critical Patches Issued for Microsoft Products, October 8, 2024 2024-10-08
    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose […]
  • Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution 2024-10-07
    Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in […]
RSS Blog Feed – Center for Internet Security
RSS ICS Advisories
  • Kieback&Peter DDC4000 Series 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kieback&Peter Equipment: DDC4000 Series Vulnerabilities: Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
    CISA
  • LCDS LAquis SCADA 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions. 3. TECHNICAL DETAILS […]
    CISA
  • HMS Networks EWON FLEXY 202 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Networks Equipment: EWON FLEXY 202 Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]
    CISA
  • Elvaco M-Bus Metering Gateway CMe3100 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elvaco Equipment: M-Bus Metering Gateway CMe3100 Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Insufficiently Protected Credentials. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could […]
    CISA
  • Mitsubishi Electric CNC Series 2024-10-17
    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: CNC Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
    CISA
  • Siemens Siveillance Video Camera 2024-10-15
    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable from […]
    CISA
  • Schneider Electric Data Center Expert 2024-10-15
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Data Center Expert Vulnerability: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access private data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric […]
    CISA
  • Siemens SINEC Security Monitor 2024-10-10
    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack […]
    CISA
  • Siemens Simcenter Nastran 2024-10-10
    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low Attack Complexity […]
    CISA
  • Rockwell Automation DataMosaix Private Cloud 2024-10-10
    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerabilities: Inadequate Encryption Strength, Out-of-bounds Write, Improper Check for Dropped Privileges, Reliance on Insufficiently Trustworthy Component, NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, view user data, […]
    CISA
RSS ISACA SmartBrief on Cybersecurity
Ohio Department of Education & Workforce
MS-ISAC
CIS-Logo
Management Council Logo