CVE-2025-54499
Mattermost versions 10.5.x
Mattermost versions 10.5.x
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted...
Mattermost versions 10.11.x
Mattermost versions 10.5.x
Mattermost versions 10.10.x
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts...
HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the...
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ip_packet_receive() function when receiving an Ethernet with type set as IP...
SQL injection in Sergestec’s SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the ‘id’ parameter in ‘/index.php?view=ticket_detail’. More information: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sergestec-products
Insecure direct object reference (IDOR) vulnerability in Sergestec’s Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the ‘id’ parameter in ‘/admin/ticket_a4.php’. More information: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sergestec-products
Stored Cross-Site Scripting (XSS) in Sergestec’s Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the ‘obs’ parameter in ‘/admin/index.php?action=product_update’....
Mattermost versions 10.5.x
SQL injection in Sergestec’s Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the ‘cat’ parameter in ‘/public.php’. More information: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sergestec-products
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. More information: https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-m474-39rw-v8gm