208 matches found
Code injection
Imperva Web Application Firewall WAF before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF...
PT-2022-5708 · Symantec · Symantec Endpoint Protection
Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1 Description: The issue is related to a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. This...
CVE-2021-35534
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
CVE-2021-35534 Insufficient Security Control Vulnerability
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal databas...
CVE-2021-35535 Insufficient Security Control Vulnerability
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process...
CVE-2021-34814
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass...
CVE-2021-34814
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass...
CVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass...
Design/Logic Flaw
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass...
Security feature bypass
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass...
CVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass...
CVE-2021-34814
CVE-2021-34814 affects Proofpoint Spam Engine prior to 8.12.0-2106240000. The issue is a Security Control Bypass due to an access control error in the product, with impact described as HIGH availability risk (per CVSS 3.1) and no confidential/integrity impact indicated. Connected sources confirm ...
CVE-2021-34814
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass...
Security Bulletin: IBM Security Guardium is affected by a Missing Security Control vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2018-1501 DESCRIPTION: IBM Security Guardium EcoSystem could allow an unauthorized user to obtain sensitive information due to missing security controls. CVSS Base score: 5.3 CVSS Temporal Score: See:...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys Servers, Engines, and Tools Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could give an authenticated...
Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. Tracked as CVE-2021-21985 CVSS score 9.8, the issue stems from a lack of input validation in the Virtual SAN vSAN Health...
Weak Password Vulnerability in ZKNW Security Control System
Ltd. is a national high-tech enterprise, double soft enterprise; the earliest domestic VPN R & D manufacturers, professional network security products R & D manufacturers Weak password vulnerability exists in the security control system of ZKNW, which can be exploited by attackers to obtain...
Weak Password Vulnerability in 26G-2F-MANAGED of Shenzhen WANET Botong Technology Co.
Dedicated to the development and application of network communication products and IoT security control platform, it is a next-generation vendor of intelligent network solutions for weak power and IoT security solutions. Weak password vulnerability exists in 26G-2F-MANAGED of Shenzhen WANET BOTTO...
CVE-2020-21991
The CVE-2020-21991 issue affects AVE DOMINAplus
SQL Injection Vulnerability in ASRock Terminal Security Management System
ASRock Terminal Security Management System is an integrated terminal security product solution for governmental and enterprise organizations. The product integrates anti-virus, terminal security control, terminal access, terminal audit, peripheral control, EDR and other functions, and is compatib...