SIEMENS RWG1.M12D S55370-C170 has a denial of service vulnerability
SIEMENS RWG1.M12D S55370-C170 programmable general-purpose controllers synthesize Siemens' many years of experience in the building, HVAC, and other industries, based on universal hardware design, programmable software platforms, and powerful communication processing capabilities. SIEMENS RWG1.M1...
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft...
January 12, 2021—KB4598245 (OS Build 17134.1967) - EXPIRED
January 12, 2021—KB4598245 (OS Build 17134.1967) - EXPIRED. NEW 8/5/21 EXPIRATION NOTICE. IMPORTANT: As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality...
Ubuntu: Security Advisory (USN-4681-1)
The remote host is missing an update for the...
MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the MS-IS...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4681-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4681-1 advisory. Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. A...
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8),...
Serious vulnerability fixed in Zyxel products
A vulnerability has been fixed in Zyxel products. A researcher found an undocumented user whose username and password could both be found in plaintext in the firmware. This undocumented account has admin rights. Zyxel has released updates to fix the vulnerability. Zyxel indicated that for AP...
shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
A flaw was found in Apache Shiro in versions prior to 1.5.3. When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2020-24634
An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port 8211 of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility...
CVE-2020-24637
Two vulnerabilities in the ArubaOS GRUB2 implementation allow an attacker to bypass secure boot. Successful exploitation of these vulnerabilities could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000...
CVE-2020-24633
There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port 8211 of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series...
Code injection
An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port 8211 of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility...
CVE-2020-24637
CVE-2020-24637 concerns two vulnerabilities in ArubaOS GRUB2 that allow bypassing secure boot to load an untrusted kernel, potentially compromising system integrity remotely. Affected products include Aruba 9000 Gateway, Aruba 7000 Series Mobility Controllers, and Aruba 7200 Series Mobility Contr...
CVE-2020-24633
CVE-2020-24633: Multiple buffer-overflow flaws in Aruba’s PAPI over UDP port 8211 allow unauthenticated remote code execution on ArubaOS devices. Affected are Aruba 9000 Gateway, Aruba 7000 Series Mobility Controllers, and Aruba 7200 Series Mobility Controllers with versions: 2.1.0.1, 2.2.0.0 and...
CVE-2020-24634
The CVE-2020-24634 vulnerability affects ArubaOS/PAPI on Aruba AP management UDP port 8211 (Aruba 9000 Gateway, Aruba 7000 and 7200 series mobility controllers). A remote attacker can inject arbitrary commands by sending specially crafted packets. Affected versions include Aruba 9000 gateway, and...
CVE-2020-7541
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a...
CVE-2020-7542
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memo...