Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: CVEID: CVE-2020-28500. DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details: CVEID: CVE-2021-21366. DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...
CVE-2021-20997
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...
CVE-2021-20998
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
Code injection
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties...
Code injection
In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management...
Authorization
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
CVE-2021-20998 WAGO: Managed Switches: Unauthorized creation of user accounts
In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...
CVE-2021-20997 WAGO: Managed Switches: Unauthorized access to password hashes
In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...
CVE-2021-20998
CVE-2021-20998 affects WAGO 750-88x series managed switches/PLCs. The vulnerability enables unauthorized creation of user accounts via specially crafted packets, indicating an unauthenticated access path that can impact confidentiality, integrity, and availability. Public references describe the ...
CVE-2021-20993 WAGO: Managed Switches: Exposure of sensitive information through directory listing
In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory...
CVE-2021-20995 WAGO: Managed Switches: Storage of user credentials in a cookie
In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials...
CVE-2021-20996
The CVE-2021-20996 entry concerns WAGO managed switches. Affected product: multiple WAGO managed switches across different versions. Vulnerability: specially crafted requests can cause cookies to be transferred to third parties, exposing session-related data. Root cause details are limited in the...
CVE-2021-20995
CVE-2021-20995 affects multiple WAGO managed switches across versions, where the web UI’s server cookies expose user credentials. The issue stems from the web server handling cookies insecurely, enabling exposure of authentication data. Documented impact relates to confidentiality (credentials di...
CVE-2021-20996 WAGO: Managed Switches: Unsecure Cookie settings
In multiple managed switches by WAGO in different versions, specially crafted requests can lead to cookies being transferred to third parties...
CVE-2021-20994
CVE-2021-20994 concerns a cross-site scripting vulnerability in WAGO 750-88x series managed switches. The root cause is insufficient validation of client-side data in the web application, allowing an attacker to trick a legitimate user into clicking a link that injects malicious code into the web...
CVE-2021-20994 WAGO: Managed Switches: Reflected Cross-site Scripting
In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management...
MDR Vendor Must-Haves, Part 10: Included Security Orchestration and Automation
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Cybersecurity teams continue to be challenged by resource constraints and disconnected toolsets. One method of...
Citrix ShareFile storage zones controller security update
Description of Problem A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller. The issue has been given the following identifier: CVE-ID | Description |...
ansible: multiple modules expose secured values
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...