234 matches found
CVE-2021-44515
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,...
Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed vulnerabilities in Identity Services Engine (ISE). An authenticated malicious person could exploit the vulnerabilities on the management interface to perform a stored Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser us...
Linux Kernel Bug Opens Door to Wider Cyberattacks
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug CVE-2020-28588 exists in the /proc/pid/syscall functionality of 32-bit ARM devices running...
Vulnerability fixed in Drupal
A vulnerability has been fixed in Drupal. An unauthenticated remote malicious party could exploit the vulnerability to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. For this vulnerabilit...
Security Bulletin: Vulnerabilities in Linux Kernel and Java affect IBM Spectrum Protect Plus
Summary Multiple vulnerabilities in the Linux Kernel and Java may affect IBM Spectrum Protect Plus. The Java vulnerabilities were disclosed as part of the Java Critical Patch Updates in July and October 2020. UPDATED: 3 March 2021: Added CVE-2020-10711 Vulnerability Details CVEID: CVE-2020-14782...
Vulnerabilities fixed in Zimbra
Vulnerabilities have been fixed in JQuery as used by Zimbra. A malicious party could exploit the vulnerabilities to execute a Cross-Site Scripting (XSS) attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. Few substantive details...
SUSE-SU-2020:3257-1 Security update for ceph, deepsea
This update for ceph, deepsea fixes the following issues: - Update to 14.2.13-398-gb6c514eec7: + Upstream 14.2.13 release see https://ceph.io/releases/v14-2-13-nautilus-released/ bsc1151612, bsc1158257 ceph-volume: major batch refactor - Update to 14.2.12-436-g6feab505b7: + Upstream 14.2.12 relea...
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according to research released at the DEF CON Safe Mode security conference Friday. The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privilege...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is affected by a vulnerability in the IBM Runtime Environment, Java™ Technology Edition (CVE-2013-1500)
Summary: IBM Sterling Connect:Direct FTP+ is shipped with IBM Runtime Environment, Java™ Technology Edition (the “IBM RE”), that is based on an Oracle Java Runtime Environment (JRE). Oracle has released the June 2013 critical patch updates (CPU) that contain security vulnerability fixes for the JRE. The...
SUSE-SU-2020:1991-1 Security update for xrdp
This update for xrdp fixes the following issues: - Security fixes bsc1173580, CVE-2020-4044: + Add patches: xrdp-cve-2020-4044-fix-0.patch xrdp-cve-2020-4044-fix-1.patch + Rebase SLE patch: xrdp-fate318398-change-expired-password.patch - Update patch: + xrdp-Allow-sessions-with-32-bpp.patch.patch...
This Week in Security News: 5 Reasons to Move Your Endpoint Security to the Cloud Now and ICEBUCKET Group Mimics Smart TVs to Steal Ad Money
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 5 reasons your organization should consider moving to a cloud managed solution. Also, read about a massive online fraud operatio...
Solaris 10 (sparc) : 142529-02
SunOS 5.10: uptime w utmpupdate whodo patch. Date this patch was last updated by Sun : Apr/13/20 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid135436; scriptversion"1.3";...
Solaris 10 (sparc) : 119059-74
X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid130508; scriptversion"1.3"; scriptcvsdate"Date: 2020/01/07...
Solaris 10 (x86) : 125720-71
X11 6.8.0x86: Xorg server patch. Date this patch was last updated by Sun : Nov/04/19 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid130511; scriptversion"1.3"; scriptcvsdate"Date:...
CVE-2019-11651
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...
Solaris 10 (x86) : 119784-42
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Android Security Bulletin—May 2019
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Denial Of Service (DoS)
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this fla...
Adobe Releases February 2019 Patch Updates For 75 Vulnerabilities
Welcome back! Adobe has today released its monthly security updates to address a total of 75 security vulnerabilities across its various products, 71 of which reside in Adobe Acrobat and Reader alone. February 2019 patch Tuesday updates address several critical and important vulnerabilities in...
Solaris 10 (sparc) : 152927-02
JavaSE 8: update 202 patch equivalent to JDK 8u202, 64bit. Date this patch was last updated by Sun : Jan/14/19 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid121179;...