Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
Summary: Multiple Oracle database server security vulnerabilities affect IBM Emptoris Supplier Lifecycle Management. Vulnerability Details: CVEID: CVE-2021-2045. DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Text component could allow an authenticated attacker to...
CVE-2021-22665
Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system...
CVE-2021-22665
CVE-2021-22665 affects Rockwell Automation DriveTools SP (v5.13 and below) and Drives AOP (v4.12 and below), where an attacker with limited local privileges can exploit an Uncontrolled Search Path Element (CWE-427) to escalate privileges and gain complete control of the system. The Red Hat/NVD/IC...
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86,...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update...
Microsoft Releases February 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and...
PT-2021-2052 · Microsoft · Windows Address Book +1
Name of the Vulnerable Software and Affected Versions: Windows Address Book (affected versions not specified). Description: The issue exists due to insufficient input validation in the Windows Address Book, allowing remote attackers to execute arbitrary code and affect the system. This can ...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and...
CVE-2020-29000
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. An...
CVE-2020-24673
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database such as shutting down the DBMS, recover the content of a given file present on the DBMS file...
CVE-2020-24678
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges...
Code injection
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges...
CVE-2020-24678 Potential Privilege Escalation in Symphony Plus
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges...
CVE-2020-29667
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration...
CVE-2020-12594
CVE-2020-12594 affects Symantec Messaging Gateway (SMG) appliances prior to version 10.7.4. The issue is a privilege-escalation vulnerability: an authenticated, privileged CLI user can elevate privileges to gain full control over the SMG system. Affected component/condition: CLI access within SMG...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe...
CVE-2020-27708
Origin Client contains a privilege-escalation vulnerability that could allow a non-administrative user to obtain Administrator or System rights, enabling control of the system and actions reserved for high-privileged users. The CVE-2020-27708 entry is corroborated by multiple connected sources (N...
Command Execution Vulnerability in Oracle WebLogic Console (CNVD-2020-59803)
WebLogic Server is Oracle's JavaEE-based middleware for developing, integrating, deploying and managing large-scale distributed Web applications, web applications and database applications. A command execution vulnerability exists in Oracle WebLogic Server. An attacker can exploit the vulnerabili...