Phoenix Contact managed FL SWITCH information disclosure vulnerability

Phoenix Contact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications in industries such as communications, critical manufacturing and information technology. An information disclosure vulnerability exists in Phoenix Contact...

VMSA-2018-0012:VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

VMSA-2018-0012.1 VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0012.1 VMware Security Advisory Severity: Moderate VMware Security Advisory...

CVE-2018-10729

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user...

Hardcoded credentials

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...

CVE-2016-9335

CVE-2016-9335 affects Red Lion Controls Sixnet-Managed Industrial Switches (firmware 5.0.196) and AutomationDirect/Stride-Managed Ethernet Switches (firmware 5.0.190). The root cause is hard-coded HTTP SSL/SSH keys that cannot be regenerated, causing all devices to share the same key. Consequence...

CVE-2016-9335

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed...

Don’t just add the Security “S” to your Managed Services

Expanding and putting more focus on your current security offerings is a great way to find new business opportunities. Adding the “S” is the easy part; just ask any managed service provider that views security as just a “checkbox” and offers one of the cheaper or RMM-integrated security offerings...

Microsoft Office: Prevent users from changing permissions on rights managed content

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013preventuserchangepermissions.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Prevent users from changing permissions on rights managed content Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone...

Microsoft Office: Protect document metadata for rights managed Office Open XML Files

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013protectrightsmanagedfilesmetadata.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Protect document metadata for rights managed Office Open XML Files Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbon...

ICSA-18-107-05_Rockwell Automation Stratix Industrial Managed Ethernet Switch

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix Industrial Managed Ethernet Switch Vulnerabilities : Improper Input Validation, Resource Management Errors, 7PK – Errors, Improper...

Authentication flaw

The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker...

NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases

Scuba is a free and easy-to-use tool that uncovers hidden security risks. Scuba is frequently updated with content from Imperva’s Defense Center researchers. With Scuba you can: Scan enterprise databases for vulnerabilities and misconfigurations Identify risks to your databases Get recommendation...

CVE-2017-6230

The CVE-2017-6230 entry concerns Ruckus Networks Solo APs (firmware R110.x or earlier) and SZ managed APs (firmware R5.x or earlier). It describes an authenticated Root Command Injection vulnerability in the web-GUI, enabling an authenticated user to execute privileged commands on affected system...

Default configuration

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVE-2017-2293

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVE-2017-2293

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

CVE-2017-2293

Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this...

VulnCheck KEV: CVE-2018-20753

Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices...

HP Printers DLL Signature Validation Vulnerability (Jan 2018)

Multiple HP Printers perform insufficient Solution DLL Signature Validation, allowing for potential execution of arbitrary code. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Carbon Black Named a Visionary in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms

For the second consecutive year, Carbon Black has been named a “Visionary” in Gartner’s Magic Quadrant for Endpoint Protection Platforms. For this year’s edition of the MQ, Gartner evaluated Cb Defense, our flagship solution built on the Cb Predictive Security Cloud ™ PSC. Our vision for the PSC ...