13 matches found
Privilege Escalation
github.com/openbao/openbao is vulnerable to Privilege Escalation. The vulnerability is due to accounts with access to privileged identity entity systems in root namespaces being able to escalate privileges to the global root policy...
Fortinet FortiManager Licensing Issue Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and...
Fortinet FortiManager Code Injection Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and...
Fortinet FortiManager Authorization Issue Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains (ADOM) to further simplify multi-device security deployment and...
FortiManager - Access Control missing in P&O module assignment vulnerability
An improper authentication vulnerability (CWE-287) in FortiManager may allow a standard user to assign or un-assign a global policy package via a POST request to flatui/json module...
AD Starter Scan - Non-Expiring Account Password
Binary data adsiaccountpwd.nbin...
Gartner report recommends a smart approach to enterprises needing to incorporate data privacy capabilities to manage evolving regulatory guidelines
In a recent Gartner report The State of Privacy and Personal Data Protection, 2020-2022, the authors assume that “through 2022, privacy-driven spending on compliance tooling will increase to more than US$8 billion worldwide. By 2023, 65 percent of the world’s population will have its personal...
Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...
Schneider Electric Modicon M580 UMAS read memory block information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the UMAS read memory block function of the Schneider Electric Modicon M580 programmable automation controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of memory, resulting...
SOL29154575 - ImageMagick vulnerability CVE-2016-3717
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL10550253 - ImageMagick vulnerability CVE-2016-3715
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL03151140 - ImageMagick vulnerability CVE-2016-3714
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Chrome Adds Ability to Force Ephemeral Mode
Google has made a subtle change to the admin console in its Chrome browser, which is used in enterprise environments to help set policies for employee use, which will allow administrators to force users to browse in ephemeral mode. The change won’t have any effect on typical individual users who...