2290 matches found
CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...
CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...
CVE-2019-10166
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...
D-Link 6600-AP XSS / DoS / Information Disclosure
Security Advisory - 22/07/2019 Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as per described on the D-Link website. Not that this product is built for...
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers a...
libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...
CVE-2019-11991
HPE has identified a vulnerability in HPE 3PAR Service Processor SP version 4.1 through 4.4. HPE 3PAR Service Processor SP version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service...
CVE-2019-11991
HPE has identified a vulnerability in HPE 3PAR Service Processor SP version 4.1 through 4.4. HPE 3PAR Service Processor SP version 4.1 through 4.4 has a remote information disclosure vulnerability which can allow for the disruption of the confidentiality, integrity and availability of the Service...
Cynet Launches Free Offering For Incident Response Service Providers
More and more, organizations take the route of outsourcing incident response to Managed Security Service Providers. This trend is distinct regardless of the organization's cyber maturity level and can be found across a wide range of cyber maturity, from small companies with no dedicated security...
libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients
It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would...
CVE-2019-1891
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of requests sent to the web...
CVE-2019-1892
A vulnerability in the Secure Sockets Layer SSL input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. The vulnerability is due to improper validation of HTTPS...
Input validation
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper validation of requests sent to the web...
CVE-2019-1892
CVE-2019-1892 affects Cisco Small Business 200/300/500 Series Managed Switches. The vulnerability resides in the SSL input packet processor where HTTPS packets are not properly validated, allowing an unauthenticated remote attacker to trigger memory corruption and a device reload, causing DoS. Ex...
Siemens SCALANCE XR526-8C Managed IE Switch
Binary data 764617.prm...
Siemens SCALANCE XR524-8C Managed IE Switch
Binary data 764610.prm...
Siemens SCALANCE XR552-12M Managed IE Switch
Binary data 764628.prm...
Siemens SCALANCE XR524-8C Managed IE Switch
Binary data 764609.prm...
Siemens SCALANCE XR524-8C Managed IE Switch
Binary data 764614.prm...
Siemens SCALANCE XR552-12M Managed IE Switch
Binary data 764626.prm...