Apache Software Foundation ha rilasciato un aggiornamento di sicurezza per il prodotto Struts che sana una vulnerabilità con gravità “critica”. Tale vulnerabilità, qualora sfruttata, potrebbe consentire a un utente malintenzionato remoto di effettuare path traversal e, in determinate circostanze, di eseguire codice arbitrario. Source link…
Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates or mitigations….
Ivanti rilascia aggiornamenti di sicurezza che risolvono 3 vulnerabilità nel prodotto Connect Secure, software di accesso remoto tramite VPN. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA released five Industrial Control Systems (ICS) advisories on December 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer…
Aggiornamenti di sicurezza sanano 3 vulnerabilità con gravità “critica” presenti nei prodotti Confluence Data Center and Server, Companion App for MacOS e Assets Discovery. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and…
Google ha rilasciato gli aggiornamenti di sicurezza di dicembre per sanare molteplici vulnerabilità che interessano il sistema operativo Android, di cui 5 con gravità “critica”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability Binding Operational…
