Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...

rConfig < 3.9.5 Multiple Vulnerabilities

rConfig is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

CVE-2020-8994

An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or password, read the dialogue text files between users and XIAOMI AI speaker, use Text-To-Speech tools pretend XIAOMI...

Point-to-Point Protocol Daemon Vulnerability

The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take control of an affected system. Point-to-Point Protocol Daemon is used to establish...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...

Security Updates for Microsoft Office Products (February 2020) (macOS)

The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to Microsoft Excel improperly handling objects in memory. An attacker who successfully exploited the vulnerability...

CVE-2009-4067

Buffer overflow in the auerswaldprobe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system...

Buffer overflow

Buffer overflow in the auerswaldprobe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system...

CVE-2009-4067

Buffer overflow in the auerswaldprobe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability Details CVEID: CVE-2017-3511...

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

WEMS BEMS 21.3.1 - Undocumented Backdoor Account Vulnerability

Exploit for hardware platform in category web applications Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...

WEMS BEMS 21.3.1 - Undocumented Backdoor Account

WEMS BEMS 21.3.1 - Undocumented Backdoor Account Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL:...

WEMS BEMS 21.3.1 - Undocumented Backdoor Account

Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5552.php WEMS BEMS 21.3.1 Undocumented Backdo...

WEMS BEMS 21.3.1 Undocumented Backdoor Account

Summary We WEMS offer the world's first fully wireless energy management system. Our solution enables your organization to take control of its energy costs, by monitoring lighting, heating and air conditioning equipment to identify wastage across multiple sites and start saving money instantly...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2017-10198 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticate...