What is the vulnerability?
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security feature bypass. According to the National Vulnerability Database (NVD), exploitation of this issue does not require user interaction. Exploitation of the vulnerabilities could give an attacker access to the ColdFusion Administrator (CFM and CFC) endpoints.
What is the Vendor Solution?
Adobe released patches for the security bypass flaws in June 2023, find more information on CVE-2023-26347 at the following reference:
[Link]
What FortiGuard Coverage is available?
FortiGuard Labs has had an IPS signature "Adobe.ColdFusion.IPFilterUtils.Authentication.Bypass" in place for CVE-2023-26347 and CVE-2023-38205 since August 2023, and an Endpoint Vulnerability signature to detect vulnerable systems.
FortiGuard Labs recommends that companies scan their environment, identify vulnerable Adobe ColdFusion servers, upgrade as per the vendor advisory, and always follow best practices.
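The advisory gives the affected ranges as "2023.5 and earlier" and "2021.11 and earlier". The following script is an added example (not FortiGuard or Adobe code) that triages an asset inventory against those two ceilings. It assumes version strings either in the short "major.update" form or in the comma-separated "major,0,update,build" form that ColdFusion reports; the host names and version values below are constructed sample data.

```python
"""Triage a ColdFusion inventory against the affected ranges in the advisory.

Added example. Affected ceilings (inclusive) come straight from the advisory:
2023 Update 5 and earlier, 2021 Update 11 and earlier. Anything newer in the
same major line is treated as patched; other major lines are reported as
"unknown" because this advisory says nothing about them.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# major -> highest update number still affected (from the advisory text)
AFFECTED_MAX_UPDATE = {2023: 5, 2021: 11}


def parse_version(raw: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) or None if the string is not understood.

    Accepted shapes (assumption about the reported formats):
      "2023.5"            -> (2023, 5)
      "2021,0,11,330109"  -> (2021, 11)   # major, 0, update, build
    """
    parts = [p for p in re.split(r"[.,]", raw.strip()) if p]
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        return None
    major = int(parts[0])
    if len(parts) == 2:
        return major, int(parts[1])
    if parts[1] == "0" and len(parts) >= 3:
        return major, int(parts[2])
    return None


def assess(raw: str) -> str:
    """Classify one version string as vulnerable, patched or unknown."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major not in AFFECTED_MAX_UPDATE:
        return "unknown"  # major line not covered by this advisory
    return "vulnerable" if update <= AFFECTED_MAX_UPDATE[major] else "patched"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map host name -> assessment for a (host, version) inventory."""
    return {host: assess(version) for host, version in inventory}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    ("cf-prod-01", "2023,0,05,330109"),
    ("cf-prod-02", "2023.6"),
    ("cf-legacy-01", "2021.11"),
    ("cf-legacy-02", "2021,0,12,330109"),
    ("cf-old", "2018,0,16,320445"),
    ("cf-noversion", "n/a"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14s} {verdict}")
```

Hosts reported as "unknown" still need a manual look: an unparsable banner or an unsupported major line is not evidence that the server is safe.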
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.
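Terrapin works because a man in the middle can delete or insert messages around the key exchange without the peer noticing, which matters when the negotiated cipher is ChaCha20-Poly1305 or a CBC cipher paired with an Encrypt-then-MAC MAC. The "strict KEX" extension that this update adds is advertised as a pseudo-algorithm in the KEXINIT algorithm list of each side (`kex-strict-s-v00@openssh.com` for servers, `kex-strict-c-v00@openssh.com` for clients) and is only effective when both sides advertise it. The script below is an added example, not part of the Ubuntu advisory or of OpenSSH. It builds and parses KEXINIT payloads (RFC 4253 section 7.1 layout), runs the standard first-client-preference negotiation, and reports whether a given client/server pair would negotiate an affected cipher without both sides supporting strict KEX. All payloads are constructed in the script; the risk rule is the one stated above.

```python
"""Parse SSH_MSG_KEXINIT payloads and report Terrapin exposure (added example)."""
import struct
from typing import Dict, List, Optional, Sequence

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT_SERVER = "kex-strict-s-v00@openssh.com"
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
CHACHA = "chacha20-poly1305@openssh.com"


def _name_list(names: Sequence[str]) -> bytes:
    """Encode an SSH name-list: uint32 length followed by comma-separated names."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data


def build_kexinit(kex, hostkey, enc, mac, comp=("none",)) -> bytes:
    """Construct a KEXINIT payload using the same enc/mac lists in both directions."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # 16-byte cookie; zeros suffice for a sample
    for names in (kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()):
        payload += _name_list(names)
    payload += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows = FALSE, reserved = 0
    return payload


def parse_kexinit(payload: bytes) -> Dict[str, List[str]]:
    """Decode the ten name-lists of a KEXINIT payload, rejecting truncated input."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 17  # message type byte + cookie
    lists = []
    for _ in range(10):
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        off += n
        lists.append([s for s in raw.split(",") if s])
    if len(payload) - off < 5:
        raise ValueError("missing first_kex_packet_follows/reserved fields")
    return dict(zip(FIELDS, lists))


def negotiate(client_prefs: Sequence[str], server_prefs: Sequence[str]) -> Optional[str]:
    """RFC 4253 rule: first client-preferred algorithm the server also lists."""
    for name in client_prefs:
        if name in server_prefs:
            return name
    return None


def risky_pair(enc: Optional[str], mac: Optional[str]) -> bool:
    """ChaCha20-Poly1305, or CBC combined with an EtM MAC, is affected by Terrapin."""
    if enc is None:
        return False
    if enc == CHACHA:
        return True
    return enc.endswith("-cbc") and mac is not None and mac.endswith("-etm@openssh.com")


def assess_terrapin(server_payload: bytes, client_payload: bytes) -> Dict[str, object]:
    server, client = parse_kexinit(server_payload), parse_kexinit(client_payload)
    negotiated = {f: negotiate(client[f], server[f])
                  for f in ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")}
    risky = (risky_pair(negotiated["enc_c2s"], negotiated["mac_c2s"])
             or risky_pair(negotiated["enc_s2c"], negotiated["mac_s2c"]))
    server_strict = STRICT_SERVER in server["kex"]
    client_strict = STRICT_CLIENT in client["kex"]
    return {"negotiated": negotiated, "server_strict": server_strict,
            "client_strict": client_strict,
            "exposed": risky and not (server_strict and client_strict)}


# Constructed sample exchanges (not captured traffic).
_MODERN_ENC = (CHACHA, "aes256-gcm@openssh.com")
_MODERN_MAC = ("hmac-sha2-256-etm@openssh.com", "hmac-sha2-256")
CLIENT_STRICT = build_kexinit(("curve25519-sha256", STRICT_CLIENT), ("ssh-ed25519",), _MODERN_ENC, _MODERN_MAC)
SERVER_PATCHED = build_kexinit(("curve25519-sha256", STRICT_SERVER), ("ssh-ed25519",), _MODERN_ENC, _MODERN_MAC)
SERVER_UNPATCHED = build_kexinit(("curve25519-sha256",), ("ssh-ed25519",), _MODERN_ENC, _MODERN_MAC)
SERVER_GCM_ONLY = build_kexinit(("curve25519-sha256",), ("ssh-ed25519",), ("aes256-gcm@openssh.com",), ("hmac-sha2-256",))
CLIENT_LEGACY = build_kexinit(("curve25519-sha256",), ("ssh-ed25519",), ("aes256-cbc", "aes256-ctr"), ("hmac-sha2-256-etm@openssh.com",))
SERVER_CBC_ETM = build_kexinit(("curve25519-sha256",), ("ssh-ed25519",), ("aes256-ctr", "aes256-cbc"), ("hmac-sha2-256-etm@openssh.com",))

if __name__ == "__main__":
    for label, srv, cli in (("patched server", SERVER_PATCHED, CLIENT_STRICT),
                            ("unpatched server", SERVER_UNPATCHED, CLIENT_STRICT),
                            ("gcm-only server", SERVER_GCM_ONLY, CLIENT_STRICT),
                            ("cbc-etm pair", SERVER_CBC_ETM, CLIENT_LEGACY)):
        print(label, assess_terrapin(srv, cli))
```

Note that the server's KEXINIT alone is not enough to call a connection safe: the same unpatched client talking to a patched server is still exposed, which is why the assessment takes both payloads.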
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
US senators have accused the SEC of failing to properly secure its social media accounts after hackers compromised its X account and posted a fake Bitcoin announcement.