535 matches found
Authentication flaw
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access...
CVE-2017-15534
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access...
CVE-2017-15534
The Norton App Lock prior to version 1.3.0.13 can be susceptible to an authentication bypass exploit. In this type of circumstance, the exploit can allow the user to kill the app to prevent it from locking the device, thereby allowing the individual to gain device access...
CVE-2018-5455
The CVE-2018-5455 vulnerability affects Moxa OnCell G3100-HSPA Series (version 1.4 Build 16062919 and earlier). It stems from reliance on cookies without validation or integrity checking, allowing a cookie parameter consisting only of digits to be brute-forced, bypassing authentication and enabli...
The vulnerability of Microprogrammed Software for Korenix switches, related to the use of pre-installed account data, allows a perpetrator to gain access to the device.
The vulnerability of Microprogrammed Software for Korenix switches relates to the use of pre-set credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device...
Default credentials
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials...
Receiver Warning: "A Potentially UNSAFE Connection to the Computer Has Been Initiated"
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. -Getting warning message:"A potentially UNSAFE connection to the computer has been initiated" when...
CVE-2017-12085
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability...
kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via an application that opens the...
Bypassing VirtualBox Process Hardening on Windows
Posted by James Forshaw, Project Zero Processes on Windows are securable objects, which prevents one user logged into a Windows machine from compromising another user’s processes. This is a pretty important security feature, at least from the perspective of a non-administrator user. The security...
PT-2017-4905 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.x through 4.x Description: The issue is a memory leak in the videobuf subsystem, specifically in the drivers/media/video/videobuf-core.c file. This allows local users to cause a denial of service by consuming memory...
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation
Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualB...
DLL hijacking and the Opera browser
Security DLL hijacking and the Opera browser Share March 10th, 2017 Recently, a collection of documents was released online, which was claimed to have originated with a major World power. The documents listed hacking vectors that could be used to inject code into major operating systems and...
SUSE-SU-2017:0464-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8962: Double free vulnerability in the sgcommonwrite function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges...
CVE-2016-5818
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...
CVE-2016-5818
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device...
BD Alaris 8015 PC Unit (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: BD Alaris 8015 PC Unit Vulnerabilities: Insufficiently Protected Credentials, Security Features 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...
Rockwell Automation MicroLogix 1100 and 1400 Unauthorized Access Vulnerability
Rockwell Automation is a British company that provides industrial automation control and globalized information. the MicroLogix 1100 and 1400 series products are used in food, agriculture, and water and wastewater systems, among other applications. An unauthorized access vulnerability exists in...
CVE-2016-10088
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging access to a...
PT-2016-3112 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.8.13 Description: The issue is related to a use-after-free vulnerability in the kvm ioctl create device function. This vulnerability can be exploited by host OS users to cause a denial of service, resulting in...