Tagged: Cybersecurity Alert

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. More information : https://https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-03

A vulnerability exists in NGINX Ingress Controller’s nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. More information : https://my.f5.com/manage/s/article/K000158176

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-02

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks. More information : https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link...

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with...

Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. More information : https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-04

Mattermost versions 11.0.x

Mattermost versions 10.11.x

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient...

Mattermost versions 10.11.x

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 – and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow...

A “Privilege boundary violation” vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the...

Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0. More information : https://www.usom.gov.tr/bildirim/tr-25-0464