623 matches found
CVE-2022-21828
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3...
What’s Next in Security from Microsoft
One of the biggest challenges in security today is complexity. Not only is there an ever-growing number of threats, but many organizations are defending their companies with a patchwork of security solutions that don’t work well together. This piecemeal approach is costly, less secure, and hinder...
CVE-2022-21327
Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...
Oracle Essbase 安全漏洞
Oracle Essbase is an application from Oracle Corporation Oracle. enables organizations to quickly generate insights from multidimensional data sets using what-if analysis and data visualization tools. A security vulnerability exists in Oracle Essbase's Oracle Essbase Management Services product...
GitLab 资源管理错误漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. GitLab There is a resource management error vulnerability, the vulnerability...
Evolving Zero Trust—Lessons learned and emerging trends
Looking back at the last two years, to say that our security strategies have evolved would be an understatement. Organizations around the world made overnight transitions to remote work models in response to a global pandemic, forcing them to reassess attack surface areas as they underwent an...
CVE-2021-42568
Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account...
CVE-2021-36335
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server...
Code injection
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Microsoft Windows 权限许可和访问控制问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows DirectX with privilege license and access control issues. The following products and editions are affected: Windows 10 Version 2004 for...
TangleBot Malware Reaches Deep into Android Device Functions
An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...
Microsoft Win32k 权限许可和访问控制问题漏洞
Microsoft Win32k is a system file for Windows multi-user administration by Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Win32K with privilege license and access control issues. The following products and editions are affected: Windows Server 2008 for 32-bit Systems Servi...
Apple macOS Big Sur 权限许可和访问控制问题漏洞
Apple macOS Big Sur is a mobile application app from Apple USA. Apple macOS Big Sur suffers from a Permission Permission and Access Control Issue vulnerability that originates from a malicious application that may bypass Gatekeeper checks...
Managing Privileged Access for a Post-COVID Perimeter
For many, 2021 signifies a year of recovery, reflection and reimagining. After the whirlwind year of 2020, we witnessed all aspects and facets of our lives and businesses turn upside down as our communities and economies adapted to the disruptions of the COVID-19 pandemic. As we all know, the...
Istio 权限许可和访问控制问题漏洞
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to a privilege permission and access control issue that arises from an application that does not properly impose security restrictions. This vulnerability could allow an attacker to access...
CVE-2021-27479
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
SAP NetWeaver AS ABAP Business Server 跨站脚本漏洞
SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP, which can be exploited by an attacker ...
CVE-2021-32458
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to...
CVE-2021-32458
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affected devices. An attacker must first obtain the ability to...
CVE-2021-28649
An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a...