CVE-2017-6040
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...
CVE-2017-6038
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...
CVE-2017-6038
The CVE-2017-6038 CSRF vulnerability affects Belden Hirschmann GECKO Lite Managed switch (version 2.0.00 and prior). The web interface fails to sufficiently verify that requests originate from the submitting user, enabling cross-site request forgery. ICS-CERT/Security advisories note that success...
CVE-2017-6036
CVE-2017-6036 describes a Server-Side Request Forgery (SSRF) in Belden Hirschmann GECKO Lite Managed switch (Web server) affecting v2.0.00 and earlier. The issue arises because the web server does not adequately validate requests to the intended destination, enabling an attacker to obtain sensiti...
CVE-2017-6040
CVE-2017-6040 concerns an Information Exposure in Belden Hirschmann GECKO Lite Managed switch (Version 2.0.00 and earlier). The vulnerability arises from saving a copy of the downloaded configuration file (which includes password hashes) in a location accessible without authentication, enabling a...
4 Cybersecurity Principles That Withstand the Test of Time
Information security can be a noisy place. I’ve been a “security guy” my entire career and have been lucky enough to have a wide range of experiences: software development, IT security in a very large enterprise, vulnerability research and exploitation, and now as an enterprise software vendor...
[SECURITY] Fedora 26 Update: ansible-2.3.1.0-1.fc26
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
VPP Required Apps Might Fail to Install on XenMobile Managed Devices
When too many VPP apps are pushed as required apps, installation may fail. The logs will show the following error. ErrorCode returned by Apple: code=9632, reason='Too many recent calls to manage licenses with identical requests'...
Protecting Your Small Business From WannaCry
May 12, 2017 saw the world’s first ever worm-based ransomware attack, WannaCry. Typically ransomware spreads via email as spam and phishing attacks, and relies on human intervention to initiate the infection. However, WannaCry is different in that it combines ransomware with a recently published...
ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)
An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server...
[SECURITY] Fedora 25 Update: ansible-2.3.0.0-3.fc25
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
CVE-2017-2319
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the system's confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authent...
CVE-2017-2320
A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the...
Tenable Appliance Unauthorized Administrator Password Manipulation Vulnerability
The Tenable Appliance is a browser-managed application that hosts a variety of Tenable enterprise applications, including Nessus, SecurityCenter SC and Passive Vulnerability Scanner PVS. An unauthorized administrator password manipulation vulnerability exists in Tenable Appliance, which can be...
CVE-2017-7590
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting XSS attacks within the Admin UI, as demonstrated by a crafted Managed Object Name...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview: Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description: Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...
Android Home Screen Hiding Vulnerability
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. A security vulnerability exists in the Android home screen. The vulnerability is caused by the system-level Intent mechanism "android.intent.action.MANAGEDPROFILEADDED" and...
CVE-2016-4927
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle MITM type of attacks while a Space device is communicating with managed devices...