CVE-2020-15484
The CVE-2020-15484 issue affects Nescomed Multipara Monitor M1000 devices, where the underlying Linux system stores data in cleartext with no integrity protection. The risk is limited to data confidentiality and tampering protection within the device’s storage; the reports do not provide exploit ...
IBM Security Guardium Insights Open Redirection Vulnerability
IBM Security Guardium Insights is a modern hybrid cloud data security hub designed to provide a reliable view of an organization's data security and compliance posture. IBM Security Guardium Insights 2.0.1 suffers from an open redirection vulnerability. An attacker could exploit this vulnerabilit...
Microsoft and Corrata integrate to extend cloud app security to mobile endpoints
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. The growth of mobile and remote work and the emergence of the “post perimeter” world has made keeping track of shadow IT a huge challenge for enterprise IT teams. What...
Jack Daniels, Ritz London Face Cyberattacks
A pair of cyberattacks on high-profile targets – the owner of the Jack Daniels distillery and the iconic Ritz London hotel – have resulted in the exposure of sensitive information. The maker behind Jack Daniels and other alcoholic beverages, Brown-Forman Corp., has suffered a recent cyberattack b...
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
PT-2020-6685 · Fuel Cms · Fuel Cms
Name of the Vulnerable Software and Affected Versions: FUEL CMS version 1.4.7 Description: The issue is related to a lack of protection in the SQL query structure, allowing for SQL injection. This can be exploited via the col parameter in API endpoints such as "/pages/items", "/permissions/items"...
Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers
If you haven't recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and...
Zero Trust: From security option to business imperative overnight
Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As...
Twitter Fixes High-Severity Flaw Affecting Android Users
Twitter has fixed a vulnerability in its Android app, which could have enabled attackers to access private Twitter data, like direct messages (DMs), on Android devices. The flaw is related to an underlying Android operating system (OS) security issue (CVE-2018-9492), which affects operating system...
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data...
Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft
A popular online social service, Meetup, has fixed several critical flaws in its website. If exploited, the flaws could have enabled attackers to hijack any Meetup “group,” access the group’s member details and even redirect Meetup payments to an attacker-owned PayPal account. Meetup is a service...
TikTok is being discouraged and the app may be banned
In recent news, retail giant Amazon sent a memo to employees telling them to delete the popular social media app TikTok from their phones. The memo stated that the app would pose a security risk, without going into details. Later the memo was withdrawn without an explanation except that it wa...
Cleaner One Pro Speeds Up Your Mac: Part 2
In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-67492)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Oracle Fusion Middleware WebCenter Sites Cross-Site Scripting Vulnerability
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, and more. WebCenter Sites is a Web experience management component that enables marketers and...
CVE-2020-14544
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Data, Domain & Function Security. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
Design/Logic Flaw
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Data, Domain & Function Security. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2020-14685
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2020-14615
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network...