Archive for Cybersecurity - page 125

Ott042023

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4211 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view…

Continue reading →

Ott042023

Risolta vulnerabilità in Google Chrome (AL01/231004/CSIRT-ITA)

Google ha rilasciato un aggiornamento per il browser Chrome al fine di correggere una vulnerabilità di sicurezza con gravità “alta”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Ott022023

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-14667 Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal…

Continue reading →

Ott022023

Rilevate vulnerabilità in Progress WS_FTP Server (AL01/230929/CSIRT-ITA) – Aggiornamento

Aggiornamenti di sicurezza Progress sanano alcune vulnerabilità, di cui due con gravità “critica” e 3 con gravità “alta”, presenti in WS_FTP Server, software server FTP per il trasferimento di file in modo sicuro e affidabile. Tali vulnerabilità, qualora sfruttate, potrebbero consentire a un utente malintenzionato…

Continue reading →

Set302023

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for Android. A cyber threat actor can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security…

Continue reading →

Set302023

Rilevate vulnerabilità zero-day in Exim (AL01/230930/CSIRT-ITA)

Sono stata rilevate diverse vulnerabilità zero-day impattanti il server di posta Exim, di cui una con gravità “critica” e due con gravità “alta”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Set282023

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-271-01 Rockwell Automation PanelView 800 ICSA-23-271-02 DEXMA DexGate ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product (UPDATE A) CISA encourages users and…

Continue reading →

Set282023

PoC pubblico per lo sfruttamento della CVE-2023-42793 (AL03/230928/CSIRT-ITA)

Disponibile un Proof of Concept (PoC) per la vulnerabilità CVE-2023-42793 – già sanata dal vendor – presente in Teamcity, piattaforma software CI/CD general-purpose di JetBrains. Tale vulnerabilità, qualora sfruttata, potrebbe permettere a un utente malintenzionato remoto non autenticato, il bypass dei meccanismi di sicurezza e…

Continue reading →

Page 125 of 179 ← First ... 123 124 125 126 127 ... Last →