Aggregator

A vulnerability was found in Dell PowerScale InsightIQ 5.0/5.1. It has been classified as critical. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-39580. Local access is required to approach this attack. There is no exploit available.

vuldb.com

CVE-2024-43387 | Phoenix Contact FL MGUARD 2102 EMAIL_RELAY_PASSWORD os command injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument EMAIL_RELAY_PASSWORD leads to os command injection. This vulnerability was named CVE-2024-43387. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-42424 | Dell Precision Rack BIOS up to 2.22.0 information disclosure (dsa-2024-327)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Dell Precision Rack BIOS up to 2.22.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-42424. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-42425 | Dell Precision Rack BIOS up to 2.22.0 access of memory location after end of buffer (dsa-2024-328)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability has been found in Dell Precision Rack BIOS up to 2.22.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to access of memory location after end of buffer. This vulnerability is known as CVE-2024-42425. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-43393 | Phoenix Contact FL MGUARD 2102 Environment Variable injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability, which was classified as critical, was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. Affected is an unknown function of the component Environment Variable Handler. The manipulation of the argument FW_INCOMING.FROM_IP/FW_INCOMING.IN_IP/FW_OUTGOING.FROM_IP/FW_OUTGOING.IN_IP/FW_RULESETS.FROM_IP/FW_RULESETS.IN_IP leads to injection. This vulnerability is traded as CVE-2024-43393. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-43392 | Phoenix Contact FL MGUARD 2102 Environment Variable injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability, which was classified as critical, has been found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. This issue affects some unknown processing of the component Environment Variable Handler. The manipulation of the argument FW_INCOMING.FROM_IP/FW_INCOMING.IN_IP/FW_OUTGOING.FROM_IP/FW_OUTGOING.IN_IP leads to injection. The identification of this vulnerability is CVE-2024-43392. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-43391 | Phoenix Contact FL MGUARD 2102 Environment Variable FW_PORTFORWARDING.SRC_IP injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability classified as critical was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. This vulnerability affects unknown code of the component Environment Variable Handler. The manipulation of the argument FW_PORTFORWARDING.SRC_IP leads to injection. This vulnerability was named CVE-2024-43391. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-43390 | Phoenix Contact FL MGUARD 2102 Environment Variable FW_NAT.IN_IP injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability classified as critical has been found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. This affects an unknown part of the component Environment Variable Handler. The manipulation of the argument FW_NAT.IN_IP leads to injection. This vulnerability is uniquely identified as CVE-2024-43390. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-39583 | Dell PowerScale InsightIQ up to 5.1 risky encryption (dsa-2024-360)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Dell PowerScale InsightIQ up to 5.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. This vulnerability is handled as CVE-2024-39583. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-39581 | Dell PowerScale InsightIQ up to 5.1 file access (dsa-2024-360)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Dell PowerScale InsightIQ up to 5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to files or directories accessible. This vulnerability is known as CVE-2024-39581. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-43389 | Phoenix Contact FL MGUARD 2102 Environment Variable injection (VDE-2024-039)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN. It has been classified as critical. Affected is an unknown function of the component Environment Variable Handler. The manipulation of the argument OSPF_INTERFACE.SIMPLE_KEY/OSPF_INTERFACE.DIGEST_KEY leads to injection. This vulnerability is traded as CVE-2024-43389. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Security Training Lab: Educational Program for Universities

Anyrun

9 months 4 weeks ago

At ANY.RUN, we’ve spent over 8 years tackling cybersecurity industry challenges. We built an interactive sandbox and Threat Intelligence Lookup to streamline malware analysis and investigations for hundreds of thousands of professionals worldwide. Now, we’re launching Security Training Lab to address another critical need: equipping future cybersecurity professionals with the skills they need to succeed. […]

The post Security Training Lab: Educational Program <br>for Universities appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

CVE-2024-7734 | Phoenix Contact FL MGUARD 2102 Pathfinder TCP Encapsulation Service allocation of resources (VDE-2024-052)

VulDB Recent Entries

9 months 4 weeks ago

A vulnerability was found in Phoenix Contact FL MGUARD 2102, FL MGUARD 2105, FL MGUARD 4102 PCI, FL MGUARD 4102 PCIE, FL MGUARD 4302, FL MGUARD 4305, FL MGUARD CENTERPORT VPN-1000, FL MGUARD CORE TX, FL MGUARD CORE TX VPN, FL MGUARD DELTA TX, TX, TX VPN, FL MGUARD GT, GT, GT VPN, FL MGUARD PCI4000, FL MGUARD PCI4000 VPN, FL MGUARD PCIE4000, FL MGUARD PCIE4000 VPN, FL MGUARD RS2000 TX, TX-B, FL MGUARD RS2005 TX VPN, FL MGUARD RS4000 TX, TX-M, TX-P, FL MGUARD RS4004 TX, DTX, DTX VPN, FL MGUARD SMART2, FL MGUARD SMART2 VPN, TC MGUARD RS2000 3G VPN, TC MGUARD RS2000 4G ATT VPN, TC MGUARD RS2000 4G VPN, TC MGUARD RS2000 4G VZW VPN, TC MGUARD RS4000 3G VPN, TC MGUARD RS4000 4G ATT VPN, TC MGUARD RS4000 4G VPN and TC MGUARD RS4000 4G VZW VPN and classified as problematic. This issue affects some unknown processing of the component Pathfinder TCP Encapsulation Service. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-7734. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

DoJ Distributes $18.5m to Western Union Fraud Victims

Information Security Magazine

9 months 4 weeks ago

The Justice Department has begun the latest round of fraud reimbursement from the Western Union Remission Fund

微软向开发者推出Office插件开发工具包(VSC版) 方便开发者们开发Office插件

不安全

9 months 4 weeks ago

2024网安周 | 中国网络安全创新创业大赛，梆梆安全荣获解决方案二等奖

嘶吼

9 months 4 weeks ago

2024年9月8日，由中央网信办指导，中国网络安全产业联盟、教育部高等学校网络空间安全专业教学指导委员会、广州市委网信办主办的2024年中国网络安全创新创业大赛总决赛及颁奖典礼在广州南沙成功举办。

“2024年中国网络安全创新创业大赛”是2024年国家网络安全宣传周的重要活动之一，目的是贯彻落实习近平总书记对国家网络安全宣传周作出的关于国家网络安全工作“四个坚持”的重要指示精神，以打造网络安全人才、技术、产业良性发展生态为核心目标，整合“政产学研用”多方优势资源，鼓励网络安全技术创新和优秀人才创业，加速创新成果产业化应用，提升产业综合竞争力，推动产业进入高质量发展的“快车道”。

大赛充分整合2024年网络安全优秀创新成果大赛、第十七届全国大学生信息安全竞赛两大赛事。梆梆安全作为网络安全优秀企业参与“2024年网络安全优秀创新成果大赛”，自5月启动申报，历时4个月，与150余家企业申报的近300项解决方案和创新产品共同角逐。

经过相关行业部门、高校、研究机构以及网络安全投资机构的资深专家评委与观众评委评审，最终梆梆安全汽车信息安全测试平台获得大赛解决方案二等奖。

梆梆安全汽车信息安全测试平台

梆梆安全汽车信息安全测试平台是专为汽车整车及零部件信息安全开发测试而设计的综合安全评估系统。平台基于梆梆安全泰防实验室多年的专业经验和技术积累，集成先进的测试方法和工具，对汽车电子控制单元（ECU）、通信协议、以及整车网络进行全面的安全性分析。利用系统能够检测到潜在的系统漏洞和安全隐患，确保汽车在运行中具备足够的抗攻击能力。

梆梆安全作为全球最早一批开展车联网信息安全研究及服务的企业，于2016年成立安全研究院，深度钻研信息安全管理对汽车产业的重要价值，致力于车联网行业领域的前沿探索与实践研究，专注智能网联车辆的网络安全和数据安全能力的研究与实践应用，广泛参与国内外车联网信息安全相关的标准法规的制定和解读。2021年，联合国欧洲经济委员会（UNECE ）R155法规、R156法规等法规生效，梆梆安全已成功为多家汽车和零部件供应商提供基于合规的车联网安全测试服务。2023年，梆梆安全正式成立“泰防实验室”，专业的车联网技术研究团队，围绕汽车安全检测、渗透测试、创新技术攻关等，为智能网联汽车产业提供强有力的全业务支撑。

多年来持续深耕，现已形成以全面适配监管规范要求、稳定承载关键测试项目、有效覆盖业务需求场景为优势的车联网安全防护体系。在智能网联车辆的安全咨询、安全开发、安全防护、渗透测试、安全合规评估等方向推出了“面向智能网联汽车的完整安全能力产品体系”，为智能网联汽车产业提供强有力的全业务支撑；同时与主机厂、监管机构、高校及科研院所等生态链合作伙伴进行深度合作，共同探索车联网安全前沿领域，切实筑牢汽车企业网络安全屏障。截至目前，已服务头部车企、Tier1零部件供应商等大量专业物联网客户及智能网联汽车项目，致力于保障车辆全生命周期的网络安全，为推动车联网生态圈高质量发展深度赋能。

2024年，梆梆安全“泰防实验室”经中国合格评定国家认可委员会（CNAS）的评审，满足GB/T 40856-2021、GB/T 40857-2021两项国家标准的全部检测要求，具备实施汽车网关和车载信息系统的检测工作能力，正式被授予“实验室认可证书”。这标志着梆梆安全泰防实验室在智能网联汽车信息安全领域的环境硬件设施、检测技术能力、质量管理水平均达到国际认可标准，出具的安全检测报告具有国际权威性与公信力，可依据ILAC框架在全球153个国家和地区实现互认。

梆梆安全

Aggregator

Managed ad