
2319 matches found

IBM Security Bulletins
added 2021/05/13 7:29 p.m. | 38 views

Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in...

5.3 CVSS | 1.1 AI score | 0.07336 EPSS
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2021/05/13 7:23 p.m. | 53 views

Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service

Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...

8.8 CVSS | 2.1 AI score | 0.01649 EPSS
Exploits: 1 | Affected Software: 1
NVD
added 2021/05/13 2:15 p.m. | 21 views

CVE-2021-20997

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...

7.5 CVSS | 0.01016 EPSS
Exploits: 0 | References: 1
NVD
added 2021/05/13 2:15 p.m. | 20 views

CVE-2021-20998

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...

10 CVSS | 0.01111 EPSS
Exploits: 0 | References: 1
Prion
added 2021/05/13 2:15 p.m. | 23 views

Code injection

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties...

5 CVSS | 5.3 AI score | 0.00752 EPSS
Exploits: 0 | References: 1 | Affected Software: 5
Prion
added 2021/05/13 2:15 p.m. | 17 views

Code injection

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management...

4.3 CVSS | 6.3 AI score | 0.00629 EPSS
Exploits: 0 | References: 1 | Affected Software: 5
Prion
added 2021/05/13 2:15 p.m. | 20 views

Authorization

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...

7.5 CVSS | 9.3 AI score | 0.01111 EPSS
Exploits: 0 | References: 1 | Affected Software: 5
Cvelist
added 2021/05/13 1:45 p.m. | 21 views

CVE-2021-20998 WAGO: Managed Switches: Unauthorized creation of user accounts

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users...

10 CVSS | 9.6 AI score | 0.01111 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/05/13 1:45 p.m. | 26 views

CVE-2021-20997 WAGO: Managed Switches: Unauthorized access to password hashes

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users...

7.5 CVSS | 7.7 AI score | 0.01016 EPSS
Exploits: 0 | References: 1
CVE
added 2021/05/13 1:45 p.m. | 53 views

CVE-2021-20998

CVE-2021-20998 affects WAGO 750-88x series managed switches/PLCs. The vulnerability enables unauthorized creation of user accounts via specially crafted packets, indicating an unauthenticated access path that can impact confidentiality, integrity, and availability. Public references describe the ...

10 CVSS | 9.5 AI score | 0.01111 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/05/13 1:45 p.m. | 24 views

CVE-2021-20993 WAGO: Managed Switches: Exposure of sensitive information through directory listing

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory...

5.3 CVSS | 5.6 AI score | 0.00793 EPSS
Exploits: 0 | References: 1
Cvelist
added 2021/05/13 1:45 p.m. | 26 views

CVE-2021-20995 WAGO: Managed Switches: Storage of user credentials in a cookie

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials...

5.3 CVSS | 7.8 AI score | 0.00542 EPSS
Exploits: 0 | References: 1
CVE
added 2021/05/13 1:45 p.m. | 59 views

CVE-2021-20996

The CVE-2021-20996 entry concerns WAGO managed switches. Affected product: multiple WAGO managed switches across different versions. Vulnerability: specially crafted requests can cause cookies to be transferred to third parties, exposing session-related data. Root cause details are limited in the...

5.3 CVSS | 5.2 AI score | 0.00752 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/05/13 1:45 p.m. | 48 views

CVE-2021-20995

CVE-2021-20995 affects multiple WAGO managed switches across versions, where the web UI’s server cookies expose user credentials. The issue stems from the web server handling cookies insecurely, enabling exposure of authentication data. Documented impact relates to confidentiality (credentials di...

7.5 CVSS | 6.3 AI score | 0.00542 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/05/13 1:45 p.m. | 20 views

CVE-2021-20996 WAGO: Managed Switches: Unsecure Cookie settings

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties...

5.3 CVSS | 5.5 AI score | 0.00752 EPSS
Exploits: 0 | References: 1
CVE
added 2021/05/13 1:45 p.m. | 54 views

CVE-2021-20994

CVE-2021-20994 concerns a cross-site scripting vulnerability in WAGO 750-88x series managed switches. The root cause is insufficient validation of client-side data in the WEB application, allowing an attacker to trick a legitimate user into clicking a link that injects malicious code into the web...

8.8 CVSS | 6.6 AI score | 0.00629 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/05/13 1:45 p.m. | 27 views

CVE-2021-20994 WAGO: Managed Switches: Reflected Cross-site Scripting

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management...

8.8 CVSS | 8.8 AI score | 0.00629 EPSS
Exploits: 0 | References: 1
Rapid7 Blog
added 2021/05/10 1:59 p.m. | 136 views

MDR Vendor Must-Haves, Part 10: Included Security Orchestration and Automation

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Cybersecurity teams continue to be challenged by resource constraints and disconnected toolsets. One method of...

Exploits: 0
Citrix
added 2021/04/27 10:1 a.m. | 213 views

Citrix ShareFile storage zones controller security update

Description of Problem A security issue has been identified in the Citrix ShareFile storage zones controller which, if exploited, would allow an unauthenticated attacker to remotely compromise the storage zones controller. The issue has been given the following identifier: CVE-ID | Description |...

9.8 CVSS | 9.9 AI score | 0.01081 EPSS
Exploits: 0
RedHat Linux
added 2021/04/22 9:7 p.m. | 3 views

ansible: multiple modules expose secured values

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...

5.5 CVSS | 6.9 AI score | 0.00333 EPSS
Exploits: 0 | References: 4