121 matches found
CVE-2020-25777
Trend Micro Antivirus for Mac 2020 Consumer is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or ope...
CVE-2008-7217
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and...
Winzip for Mac SEoL (8.0.x)
According to its version, Winzip For Mac is 8.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C...
macsec: Fix use-after-free while sending the offloading packet
...
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085 CVSS scores: 7.3/7.8, has been described as a use-after-free bug in the Core Med...
CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
DEBIAN-CVE-2022-48882
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
CVE-2022-48882 net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
CVE-2022-48882 net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
CVE-2022-48882
CVE-2022-48882: In the Linux kernel, a macsec null-dereference could occur in the net/mlx5e hw-offload path when updating a SecY with extended packet number (epn) enabled. The macsec SA initialization would fetch salt and ssci from the rx_sa context, which may be unavailable during SecY property ...
CVE-2022-48882 net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY)
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity SecY Upon updating MAC security entity SecY in hw offload path, the macsec security association SA initialization routine is called. In case of...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible null pointer dereference issue in the net/mlx5e component when updating MAC security entities...
Siemens RUGGEDCOM 信息泄露漏洞
Siemens RuggedCom ROS is an operating system from Siemens, Germany, used in the RuggedCom series of switches. An information disclosure vulnerability exists in Siemens RUGGEDCOM ROS, which can be exploited by an attacker to retrieve a MACSEC key and access decrypt Ethernet frames sent by an...
Staying Five Steps Ahead of Cyber Risk
Organizations are continuously seeking effective strategies to protect their digital environments. With over 26,000 vulnerabilities discovered last year, Qualys Vulnerability Management, Detection, and Response VMDR offers a comprehensive solution designed to meet the needs of both security and I...
FortiClientMac 安全漏洞
Fortinet FortiClientMAC is a security tool for the macOS platform from Fortinet, Inc. A security vulnerability exists in FortiClientMac versions 7.2.3 and earlier, 7.0.10 and earlier, which stems from a vulnerability that could allow a local attacker to execute arbitrary code or commands by writi...
Webinar recap: 6 critical cyberthreats in 2024 and how to counter them
Our webinar on the 2024 State of Malware report is now available on-demand. Featuring cybersecurity experts Mark Stockley and Jérôme Segura, this webinar unpacks 2024’s most critical cyberthreats, including big game ransomware, malvertising, and emerging challenges to mobile and Mac security. Key...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products, which stems from the fact that the engine scanning program may enter an infinite loop when processing archived files, resulting in a denial of service. T...
PT-2023-9248 · Siemens · Ruggedcom Rst2228
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM RST2228 versions prior to V5.9.0 RUGGEDCOM RST2228P versions prior to V5.9.0 Description: A vulnerability has been identified in the web server of the affected systems, which leaks the MACSEC key in clear text to a logged-in user...
CVE-2021-3187
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script that executes as root from a temporary directory during install time. This applies to macOS before 10.15.5, or Security Update...