1567 matches found
CVE-2022-26676
CVE-2022-26676 concerns the product aEnrich a+HRD. The vulnerability stems from inadequate privilege restrictions on an API function, enabling an unauthenticated remote attacker to upload and execute malicious scripts, potentially allowing control of the system or disruption of services. This al...
CVE-2022-26676 aEnrich a+HRD - Broken Access Control
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
PT-2022-07: Insufficient authentication in Veeam Backup & Replication
The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attacker to authenticate using a NULL-session. This may lead to gaining control over the target system. Vulnerability status: Confirmed by vendor Date of vulnerability...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...
Microsoft Releases March 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and...
Security Bulletin: Some unspecified vulnerabilities in Java SE result in the unauthenticated attacker to take control of the system or some impact
Summary An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system. An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service...
Security Bulletin: A vulnerability in IBM Java Runtime affects TXSeries for Multiplatforms
Summary TXSeries for Multiplatforms has addressed the following vulnerabilities reported by IBM® Runtime Environment Java™ Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker t...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-3511, CVE-2017-10115, CVE-2017-10116)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped and used by IBM Spectrum Control and Tivoli Storage Productivity Center. These issues were disclosed as part of the IBM Java SDK updates in April and July 2017. Vulnerability Details CVEID: CVE-2017-35...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 91.6.1 and make the necessary...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisories VMSA-2022-0004 and VMSA-2022-0005...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Security Directory Server SDS. A new fix has addressed the issues. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allo...
CVE-2022-22544
Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® Java SDK that affect IBM Security Directory Suite - October 2021 CPU
Summary There are vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM Security Directory Suite. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements as wel...
TIBCO Security Advisory: February 15, 2022 - TIBCO BusinessConnect Container Edition -2021-43050
TIBCO BusinessConnect Container Edition administrative username and passwords leakage Original release date: February 15, 2022 Last revised: --- CVE-2021-43050 Source: TIBCO Software Inc. Products Affected TIBCO BusinessConnect Container Edition versions 1.1.0 and below The following component is...
ASUS VivoMini/Mini PC Input Validation Error Vulnerability
The ASUS VivoMini/Mini PC is an ultra-thin compact mini PC from ASUS of Taiwan, China. The ASUS VivoMini/Mini PC suffers from an input validation error vulnerability that originates from a local attacker with system privileges who can modify the memory using a System Management Interrupt SMI, whi...
Input validation
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt SMI to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service...