CVE-2019-10169
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...
Citrix ShareFile storage zones Controller multiple security updates
Description of Problem: Security issues have been identified in customer-managed Citrix ShareFile storage zone controllers. These vulnerabilities, if exploited, would allow an unauthenticated attacker to compromise the storage zones controller potentially giving an attacker the ability to access...
How to Migrate Veeam Agent Backup Files to Cloud Connect Repository
Purpose: This article documents the available methods to migrate backup data from Standalone deployments of Veeam Agent for Microsoft Windows or Veeam Agent for Linux from a non-Cloud Connect Repository to a Cloud Connect repository, allowing the original backup job to continue utilizing that back...
Acronis: Reflected XSS on http://www.grouplogic.com/files/glidownload/verify.asp
Hello there, I hope you are well! As I see, Group Logic is your subsidiary and www.grouplogic.com is a managed website by Acronis. F803772 I found a reflected xss on http://www.grouplogic.com/ PoC:...
New iPhone Zero-Day Discovered
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...
Elevation of Privilege Vulnerability in Multiple NETGEAR Products (CNVD-2021-67654)
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...
Path traversal vulnerability in multiple NETGEAR products
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A path traversal vulnerability exists in several NETGEAR products. The vulnerability stems from a network system or product failing to properly filter specific elements in a resource or file path. An attacker could use this...
Elevation of Privilege Vulnerability in Multiple NETGEAR Products (CNVD-2021-63373)
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...
NETGEAR Elevation of Privilege Vulnerability
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2021-59152)
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A cross-site scripting vulnerability exists in several NETGEAR products. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to execu...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2021-59153)
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A cross-site scripting vulnerability exists in several NETGEAR products. The vulnerability stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to execu...
Cross-site scripting vulnerability in multiple NETGEAR products (CNVD-2020-42022)
NETGEAR M4300-28G and others are managed switches from NETGEAR. A cross-site scripting vulnerability exists in multiple NETGEAR products. The vulnerability stems from the lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute...
Elevation of privilege vulnerabilities in multiple NETGEAR products
NETGEAR M4300-28G and others are managed switches from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...
Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010
Describes the issues that are fixed in the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2010. Summary: This article describes the Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist...
Command injection
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems...
CentOS 7 : bind (RHSA-2020:1061)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory. - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in...
The vulnerability of the managed-keys function in the DNS BIND server allows for unlimited resource distribution, enabling attackers to cause service failures.
The vulnerability of the managed-keys function in the DNS BIND server is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Update Rollup 12 for System Center 2012 R2 Operations Manager
Introduction: This article describes the issues that are fixed in Update Rollup 12 for Microsoft System Center 2012 R2 Operations Manager. It also contains the installation instructions for this update. Issues that are fixed in Operatio...
bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed b...