NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities
The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security...
Microsoft Windows Diagnostics Hub CVE-2019-1232 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to elevate the privileges and take control of an affected system. Technologies Affected Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 15.0 Microsoft...
The vulnerability of the Portable Clusterware component of the Oracle Database Server management system allows a hacker to gain full control over the database management system.
The vulnerability of the Portable Clusterware component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the database management system...
CVE-2019-1193
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
CVE-2019-1168
An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially...
CVE-2019-1144
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
PT-2019-3067 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge affected versions not specified Description: The issue is related to errors in handling objects in memory by the Chakra scripting engine in Microsoft Edge. This could allow a remote attacker to execute arbitrary code using a...
Industrial Security Featuring Delta's enteliBUS Manager
ARCHIVED STORY From Building Control to Damage Control: A Case Study in Industrial Security Featuring Delta's enteliBUS Manager By Mark Bereza · August 09, 2019 Management. Control. It seems that you can’t stick five people in a room together without one of them trying to order the others around...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 7 and Java™ Version 8 that is used by IBM Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in Apr 2019. Vulnerability Details CVEID: CVE-2019-10245...
Vulnerabilities in Multiple VPN Applications
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring
Summary There are several vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components. Vulnerability Details CVEID: CVE-2019-10245 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a metho...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2019 - Includes Oracle Apr 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability...
The vulnerability of the DirectComposition component in Windows operating system kernels allows a perpetrator to execute arbitrary code and gain control over the vulnerable system.
The vulnerability of the DirectComposition component in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain control over the vulnerable system...
Atlassian Releases Security Updates for Jira
Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
DirectWrite Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wi...