Lucene search

540 matches found

Tenable Nessus
added 2021/06/15 12:00 a.m. · 51 views

Tenable Nessus Agent < 8.2.5 Multiple Vulnerabilities (TNS-2021-12)

According to its self-reported version, the Tenable Nessus agent running on the remote Windows host is prior to 8.2.5. It is, therefore, affected by multiple vulnerabilities: - Multiple local privilege escalation vulnerabilities. A local attacker can exploit these to gain administrator privileges...

CVSS 6.7 · AI score 6.7 · EPSS 0.00348
Exploits: 0 · References: 3

CNVD
added 2021/06/04 12:00 a.m. · 16 views

F5 BIG-IP Edge Gateway Elevation of Privilege Vulnerability

F5 BIG-IP Edge Gateway is a remote access solution from F5 USA. An elevation of privilege vulnerability exists in F5 BIG-IP Edge Gateway, which stems from a faulty program call to an advanced native procedure, where a non-privileged user can use a malicious DLL to elevate privileges on a client Windows...

CVSS 7.8 · AI score 4 · EPSS 0.003
Exploits: 0 · References: 1

CNNVD
added 2021/06/02 12:00 a.m. · 2 views

OpenText Brava! Security Vulnerability

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. A heap buffer overflow vulnerability exists in the parsing of PDF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

CVSS 7.8 · AI score 6.2 · EPSS 0.01419
Exploits: 0 · References: 5

Positive Technologies
added 2021/04/13 12:00 a.m. · 1 view

PT-2021-2615 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to incorrect code generation management in the Procedure Call Runtime component of Microsoft Windows operating systems. It allows remote attackers to execute...

CVSS 10 · AI score 8.7 · EPSS 0.02315
Exploits: 0 · References: 12

Prion
added 2021/03/31 6:15 p.m. · 17 views

Design/Logic Flaw

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...

CVSS 2.7 · AI score 4.9 · EPSS 0.00339
Exploits: 0 · References: 1 · Affected Software: 2

NCSC
added 2021/03/26 12:00 a.m. · 4 views

Vulnerability fixed in Micro Focus products

A vulnerability has been fixed in several Micro Focus products. By exploiting this vulnerability, a malicious party could obtain the permissions with which the Operations Agent is running on the vulnerable system. For Linux and Windows, these are the root and SYSTEM users, respectively. Too little...

CVSS 9.8 · AI score 6.9 · EPSS 0.01497
Exploits: 0

ThreatPost
added 2021/03/03 9:49 p.m. · 207 views

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux who found the flaw. Impacted is the Android app’s...

AI score 0.2
Exploits: 0 · References: 4

CNNVD
added 2021/02/16 12:00 a.m. · 2 views

Advantech WebAccess/SCADA Security Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

CVSS 8.8 · AI score 7.4 · EPSS 0.00504
Exploits: 1 · References: 2

NVD
added 2021/02/12 6:15 p.m. · 16 views

CVE-2021-22980

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility CTU for Windows could allow an attacker to load a malicious DLL library from its current directory. User...

CVSS 7.8 · EPSS 0.00279
Exploits: 0 · References: 1

NVD
added 2021/01/26 8:15 p.m. · 11 views

CVE-2021-22159

Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management formerly ObserveIT Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a...

CVSS 7.8 · AI score 7.8 · EPSS 0.00331
Exploits: 0 · References: 2

Prion
added 2021/01/20 8:15 p.m. · 14 views

Code injection

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection AMP for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid...

CVSS 6.9 · AI score 7.3 · EPSS 0.00443
Exploits: 0 · References: 1 · Affected Software: 2

Packet Storm
added 2021/01/20 12:00 a.m. · 200 views

Backdoor.Win32.Whisper.b Remote Stack Corruption

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whisper.b Vulnerability: Remote Stack Corruption Description: Whisper.b listens on TC...

Exploits: 0

NVD
added 2021/01/13 10:15 p.m. · 24 views

CVE-2021-1237

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

CVSS 7.8 · AI score 7.8 · EPSS 0.00395
Exploits: 0 · References: 1

NVD
added 2021/01/06 1:15 a.m. · 19 views

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...

CVSS 9.3 · AI score 9.3 · EPSS 0.00462
Exploits: 0 · References: 2

NVD
added 2021/01/06 1:15 a.m. · 11 views

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option DLO before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...

CVSS 9.3 · AI score 9.3 · EPSS 0.00431
Exploits: 0 · References: 1

Prion
added 2021/01/06 1:15 a.m. · 14 views

Design/Logic Flaw

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engin...

CVSS 7.2 · AI score 8.7 · EPSS 0.00422
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/01/06 12:52 a.m. · 24 views

CVE-2020-36161

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engin...

AI score 8.7 · EPSS 0.00422
Exploits: 0 · References: 1

Cvelist
added 2021/01/06 12:51 a.m. · 15 views

CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option DLO before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...

CVSS 9.3 · AI score 9.3 · EPSS 0.00431
Exploits: 0 · References: 1

CNVD
added 2020/11/24 12:00 a.m. · 2 views

Trend Micro Security 2020 Local Elevation of Privilege Vulnerability (CNVD-2020-73785)

Trend Micro Security 2020 is a suite of computer security protection software from Trend Micro. Trend Micro Security 2020 Consumer contains a security vulnerability that can be exploited by an attacker to gain administrative privileges during product installation by placing a specific Windows...

CVSS 7.8 · AI score 7.1 · EPSS 0.00466
Exploits: 0 · References: 1

NVD
added 2020/11/18 7:15 p.m. · 10 views

CVE-2020-27696

Trend Micro Security 2020 Consumer contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product...

CVSS 7.8 · AI score 7.6 · EPSS 0.00466
Exploits: 0 · References: 1