BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System
This advisory contains mitigations for a protection mechanism failure vulnerability in BD Pyxis medical devices.
Hirschmann Automation and Control HiOS and HiSecOS Products
This advisory contains mitigations for a classic buffer overflow vulnerability in Hirschmann Automation and Control HiOS and HiSecOS software.
Mitsubishi Electric MELSEC
This advisory contains mitigations for an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC programmable controllers.
Schneider Electric Modicon Controllers (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-20-016-01 Schneider Electric Modicon Controllers that was published January 16, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for several improper check for unusual or...
BIG-IP HTTP profile vulnerability CVE-2020-5857
BIG-IP HTTP profile vulnerability CVE-2020-5857 Security Advisory Security Advisory Description Undisclosed HTTP behavior may lead to a denial of service. (CVE-2020-5857) Impact This vulnerability ...
Cisco Finesse Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device.
The vulnerability exists because the software fails to sanitize URLs before it handles requests....
VU#962085: Versiant LYNX Customer Service Portal is vulnerable to stored cross-site scripting
The Versiant LYNX Customer Service Portal(CSP)is a"full-service customer portal that provides real-time information to terminal operators on the status of shipments into and out of a marine container terminal". The LYNX CSP,version 3.5.2,is vulnerable to stored cross-site scripting,which could...
VU#944837: Vertiv Avocent UMG-4000 vulnerable to command injection and cross-site scripting vulnerabilities
The Vertiv Avocent UMG-4000 contains multiple vulnerabilities that could allow an authenticated attacker with administrative privileges to remotely execute arbitrary code. The web interface does not sanitize input provided from the remote client,making it vulnerable to command injection,stored cross-site...
ImageMagick vulnerability CVE-2019-13135
ImageMagick vulnerability CVE-2019-13135 Security Advisory Security Advisory Description ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage ...
Vulnerability Summary for the Week of March 23, 2020
Original release date: March 30, 2020The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...
Samba vulnerability CVE-2019-14907
Samba vulnerability CVE-2019-14907 Security Advisory Security Advisory Description All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it ...
eglibc vulnerability CVE-2013-4357
eglibc vulnerability CVE-2013-4357 Security Advisory Security Advisory Description The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue ...
Linux kernel vulnerability CVE-2020-9383
Linux kernel vulnerability CVE-2020-9383 Security Advisory Security Advisory Description An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a ...
Linux kernel vulnerability CVE-2011-0699
Linux kernel vulnerability CVE-2011-0699 Security Advisory Security Advisory Description Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local ...
Linux kernel vulnerability CVE-2020-7053
Linux kernel vulnerability CVE-2020-7053 Security Advisory Security Advisory Description In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), ...
Dueling Network – 5,473,883 breached accounts
In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another...
Apple Security Advisory 2020-03-25-2
Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Apple Security Advisory 2020-03-25-1
Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly.
The vulnerability is due to improper...
Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability exists because the affected software insufficiently validates Cisco...
Palantir, The $20 Billion, Peter Thiel-Backed Big Data Giant, Is Providing A Coronavirus Monitoring Tool To The CDC
Palantir will help the Centers for Disease Control keep on top of ventilator and mask needs to treat coronavirus victims, sources say.
Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
OpenWRT is vulnerable to attacks that execute malicious code
Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital...
Privacy in critical care after telehealth demands jump
As coughs and body aches drive anxious Americans to telemed services in record numbers, relieving the burden on medical facilities stressed to breaking with COVID-19 cases, the subsequent relaxation of privacy requirements puts them at risk of PHI compromises,...
