Critical Bugs in Rockwell, Johnson Controls ICS Gear
Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in...
CVE-2020-8819
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass...
CVE-2018-16994
CVE-2018-16994 affects Phoenix Contact AXL F BK PN <=1.0.4, AXL F BK ETH <=1.12, AXL F BK ETH XC
About the security content of tvOS 13.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2019-11292
CVE-2019-11292 affects Pivotal Ops Manager: versions 2.4.x before 2.4.27, 2.5.x before 2.5.24, 2.6.x before 2.6.16, and 2.7.x before 2.7.5 log all query parameters to Tomcat’s access log; if params serve authentication, credentials may be logged. Root cause: parameter logging leakage into logs. I...
SQL injection
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication...
CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...
CVE-2019-8803
An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials...
CVE-2019-8704
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information...
CVE-2019-8634
An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account...
CVE-2019-8704
CVE-2019-8704 affects Apple devices (notably the tvOS 13 update) in the Keyboards component, where an authentication/state-management issue could allow a local user to leak sensitive information. The descriptor shows the flaw as addressed with improved state management and fix in tvOS 13. The con...
PT-2019-19128 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.5 Description: An authentication issue was addressed with improved state management, potentially allowing a user to be unexpectedly logged in to another user’s account. Recommendations: For macOS versions prior t...
Password field not displayed for published apps in Windows Server 2019
When publishing any O365 app such as Excel or Word, users are prompted to authenticate to Office 365 to activate the app. Password field is not rendered when the app is published so users can never authenticate. This also occurs with RDP initial app. Microsoft has reproduced the issue with using...
PAN-OS: Custom-role users may escalate privileges
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9....
CVE-2019-12421
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...
CVE-2019-3424
An authentication issues vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations...
About the security content of watchOS 6.1
About the security content of watchOS 6.1 This document describes the security content of watchOS 6.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of tvOS 13.2
About the security content of tvOS 13.2 This document describes the security content of tvOS 13.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of iOS 13.2 and iPadOS 13.2
About the security content of iOS 13.2 and iPadOS 13.2 This document describes the security content of iOS 13.2 and iPadOS 13.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...