Aggregator

A vulnerability, which was classified as critical, has been found in Symantec Enterprise Firewall 320/360/360r. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-1472. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Cisco IOS up to 12.0(3). Affected by this issue is some unknown functionality of the component Telnet TCP Connection Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-1464. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability classified as critical was found in Symantec Firewall and VPN 100/200/200R. Affected by this vulnerability is an unknown functionality of the component UDP Portscan Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2004-1472. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Novell BorderManager 3.8. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2004-1457. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Cvstrac 1.1/1.1.1/1.1.2/1.1.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument rcsinfo leads to improper privilege management. This vulnerability is handled as CVE-2004-1456. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS up to 12.3XE and classified as critical. This issue affects some unknown processing of the component OSPF Packet Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2004-1454. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Jetbox One CMS 2.0.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2004-1448. An attack has to be approached locally. There is no exploit available.

九月榜单终于来啦

全业务通用漏洞四倍11.25~12.1 科技业务专项双倍11.25~12.6

实现优秀的网络覆盖性能和实时防御能力

A vulnerability, which was classified as problematic, has been found in Linux Kernel 2.4.x. This issue affects the function sendmsg. The manipulation leads to deadlock. The identification of this vulnerability is CVE-2004-1016. Attacking locally is a requirement. Furthermore, there is an exploit available.

Растущая популярность соцсети вызвала волну преступных действий по краже криптовалюты пользователей.

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team.  As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

Новый способ сохранить порядок там, где он обычно отсутствует.

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management Platform
With Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability
• CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
• CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.