CVE-2020-7337

CVE-2020-7337 affects McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16, where an incorrect permission assignment for a critical resource enables local administrators to bypass local security protections by manipulating Code Integrity checks tied to Windows Defender Application Control. The...

Mcafee McAfee VirusScan Enterprise Permission License and Access Control Issues Vulnerability

Mcafee VirusScan Enterprise VSE is a suite of antivirus software from the American company Mcafee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A security vulnerability exists in McAfee VirusScan Enterprise 8....

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS Domain Name System related outage and Distributed denial of service DDoS lead a negative impact on...

Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs

The role of the Windows PC and trust in technology are more important than ever as our devices keep us connected and productive across work and life. Windows 10 is the most secure version of Windows ever, built with end-to-end security for protection from the edge to the cloud all the way down to...

Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs

The role of the Windows PC and trust in technology are more important than ever as our devices keep us connected and productive across work and life. Windows 10 is the most secure version of Windows ever, built with end-to-end security for protection from the edge to the cloud all the way down to...

The vulnerability of the PowerShellGet command interpreter on Windows operating systems allows an attacker to execute arbitrary code. This vulnerability stems from security flaws in the PowerShell interpreter’s mechanisms.

The vulnerability of the PowerShellGet command interpreter on Windows operating systems is related to security vulnerabilities in its implementation. Exploiting this vulnerability allows an attacker to bypass Windows Defender Application Control and execute arbitrary code...

CVE-2020-7334

CVE-2020-7334 affects McAfee Application and Change Control (MACC) installer. The vulnerability is an improper privilege assignment in the installer component, allowing local administrators to change or update configuration settings by using a crafted MSI file that mimics the genuine installer. T...

Akamai Enhances its Cloud Secure Web Gateway with DLP, Application Control and DNS over TLS (DoT)

Last March, Akamai announced the launch of its secure web gateway delivered at the edge, to help enterprises further accelerate their transition to a new security architecture based on Zero Trust and secure access service edge SASE principles. As we now know, we were just on the cusp of a global...

PT-2020-4389 · Microsoft · Windows +2

Name of the Vulnerable Software and Affected Versions: PowerShellGet V2 module affected versions not specified Description: The issue is related to security mechanism shortcomings in the PowerShellGet module of the Windows operating system. It allows an attacker to bypass Windows Defender...

CVE-2020-15595

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...

CVE-2020-15595

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...

Design/Logic Flaw

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...

Server side request forgery (ssrf)

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product...

CVE-2020-15594

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product...

CVE-2020-15594

CVE-2020-15594 affects Zoho Application Control Plus prior to version 10.0.511. The mail gateway configuration feature exposes a Server-Side Request Forgery (SSRF) flaw that enables an attacker to scan for open ports and discover reachable machines on the same network segment. The issue is mitiga...

CVE-2020-15595

An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature to configure elements included in the scope of elements managed by the product allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product...

CVE-2020-15595

CVE-2020-15595 affects Zoho Application Control Plus versions prior to 10.0.511. The issue lies in the Element Configuration feature, which can be abused to retrieve the full list of configured IP ranges and subnets, enabling an attacker to map the internal networks the product can reach. Impact ...

PT-2020-14520 · Zoho · Zoho Application Control Plus

Name of the Vulnerable Software and Affected Versions: Zoho Application Control Plus versions prior to 10.0.511 Description: An issue in the Element Configuration feature of Zoho Application Control Plus allows an attacker to retrieve the list of IP ranges and subnets configured in the product...

PT-2020-14519 · Zoho · Zoho Application Control Plus

Name of the Vulnerable Software and Affected Versions: Zoho Application Control Plus versions prior to 10.0.511 Description: A Server-Side Request Forgery SSRF issue was discovered in the mail gateway configuration feature, allowing an attacker to perform a scan and discover open ports on a machi...

The vulnerability of the application control tool. Windows Defender Application Control (WDAC), a PowerShell Core automation tool, allows a hacker to execute arbitrary code.

The vulnerability of the application control tool, Windows Defender Application Control WDAC, a PowerShell Core automation tool, is related to errors during command validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...