43 matches found
Buffer overflow
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba Networks AP management protocol UDP port 8211. Successful exploitation of these vulnerabilities result...
CVE-2022-37879
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-37883
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Security feature bypass
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...
Security feature bypass
Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...
Remote code execution
Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch...
Windows 11 is out. Is it any good for security?
Windows 11, the latest operating system OS from Microsoft, launches today, and organizations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the...
N.Y. Could Ban Cities from Paying Ransomware Attackers
New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack. State Senators Phil Boyle, George M. Borrello and Sue Serino introduced Senate Bill S7246 earlier this month, in response to the rising tide of cyberattacks targeting government agencies and...
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
Seven Must-Dos to Secure MySQL 8.0
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...
Seven Must-Dos to Secure MySQL 8.0
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database version brings security upgrades. Use them...
Disqus Hacked: More than 17.5 Million Users' Details Stolen in 2012 Breach
Another day, Another data breach disclosure. This time the popular commenting system has fallen victim to a massive security breach. Disqus, the company which provides a web-based comment plugin for websites and blogs, has admitted that it was breached 5 years ago in July 2012 and hackers stole...
Realtyna RPL, All versions, SQL Injection and Abandonware
Realtyna RPL, All versions, SQL Injection and abandonware The developer no longer supports Joomla! The site is still online, but there are redirects to the Wordpress version. We asked the developer about the prospect of a security release, and received this reply: It’s almost 2 years that we...
Patrick Wardle on macOS Gatekeeper, Crypto Enhancements
At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address...
io.js 'V8 utf-8 decoder' Denial Of Service Vulnerability - Windows
io.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:iojs:io.js"; ifdescripti...
USN-2657-1: unattended-upgrades vulnerability
It was discovered that unattended-upgrades incorrectly performed authentication checks in certain configurations. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages...
New Microsoft Edge Browser Includes Range of Security Upgrades
For many years now, the browser has been the most dangerous piece of software on most users’ machines. Attackers love to target browsers and a remote code execution bug in a major browser is gold for them. The browser vendors have been making gradual changes to better protect users in recent year...
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...
Better Security, 'Progressive Encryption' in Silent Text 2.0
Silent Circle has released a new version of its private text messaging and secure file transfer service for Android and iOS mobile devices. Silent Text 2.0 includes a number of security and user-interface upgrades. The company claims this version eliminates a keying delay issue that existed in...
Netherlands, Canada Say WhatsApp Still Violates Privacy Laws
Dutch and Canadian officials say the popular mobile text messaging app WhatsApp violates their countries’ privacy laws because it rifles through users’ contacts to find other devices hooked up to the service. The announcement Monday follows a joint investigation launched a year ago into whether...