985 matches found
Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...
CVE-2021-21530
Dell OpenManage Enterprise-Modular OME-M versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the syste...
CVE-2021-21530
CVE-2021-21530 affects Dell OpenManage Enterprise-Modular (OME-M) prior to 1.30.00. An authenticated low-privilege user can bypass restrictions and escape the restricted environment to access sensitive information, causing information disclosure and elevation of privilege.
CVE-2021-21530
Dell OpenManage Enterprise-Modular OME-M versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the syste...
CVE-2020-27009
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...
CVE-2020-15795
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...
CVE-2021-25677
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...
CVE-2021-25677
CVE-2021-25677 concerns DNS transaction ID randomness in Siemens DNS clients across multiple products (APOGEE PXC BACnet/P2 Ethernet, Nucleus NET/ReadyStart, SIMOTICS CONNECT 400, TALON TC). Root cause: DNS client does not properly randomize transaction IDs, enabling potential DNS cache poisoning...
PT-2021-3712 · Apache +3 · Apache Http Server +4
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47 mod http2 version 1.15.17 Description: The issue is related to the HTTP/2 protocol handler in the Apache HTTP Server, which checks received request headers against size limitations. If these restrictions are...
PT-2021-2645 · Unknown · Apogee Pxc Compact +5
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET versions prior...
PT-2021-2649 · Siemens +1 · Simotics Connect 400 +7
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...
PT-2021-2646 · Siemens +1 · Simotics Connect 400 +8
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...
PT-2021-2648 · Siemens +1 · Simotics Connect 400 +7
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...
[SECURITY] Fedora 33 Update: grub2-2.06~rc1-1.fc33
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
IcedID Banking Trojan Surges: The New Emotet?
The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID a.k.a. BokBot, bears similarities to Emotet in that it’s a modular malware that started life as a banking trojan used to steal financial information...
[SECURITY] Fedora 34 Update: grub2-2.06~rc1-2.fc34
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
The vulnerability of the microprogramming software of the Intel Modular Server MFS2600KI arises from copying buffers without checking the size of the input data. This allows a malicious actor to cause service failures.
The vulnerability of the Microprogramming Software of the Intel Modular Server MFS2600KI is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the microprogramming software of the Intel Modular Server MFS2600KI arises from copying buffers without checking the size of the input data. This allows attackers to exploit this vulnerability to increase their privileges.
The vulnerability of the Microprogramming Software of the Intel Modular Server MFS2600KI is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
TrickBot Takes Over, After Cops Kneecap Emotet
A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of the Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall f...
nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this...