Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory , that disclosed two vulnerabilities.
Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA...
VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution
Overview
Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker...
NTP vulnerability CVE-2018-7184
NTP vulnerability CVE-2018-7184 Security Advisory Security Advisory Description ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote ...
Hitachi ABB Power Grids Ellipse APM
This advisory contains mitigations for a Cross-site Scripting vulnerability in Hitachi ABB Power Grids Ellipse APM asset performance software.
Rockwell Automation Stratix Switches
This advisory contains mitigations for a Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of Sensitive Information Into Log File, Command Injection, and Improper Input Validation vulnerability in Rockwell Automation Stratix Switches.
Delta Industrial Automation COMMGR
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Delta Industrial Automation COMMGR communication management software.
Delta Electronics CNCSoft ScreenEditor
This advisory contains mitigations for an Out-of-bounds Read vulnerability in Delta Electronics CNCSoft ScreenEditor software.
Delta Electronics CNCSoft-B
This advisory contains mitigations for Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Delta Electroncs CNCSoft-B software management platform.
Eaton Intelligent Power Manager
This advisory contains mitigations for SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, and Code Injection vulnerabilities in Eaton Intelligent Power Management monitoring software.
Siemens Mendix
This advisory contains mitigations for an Improper Privilege Management vulnerability in Siemens Mendix low-code development software.
Mitsubishi Electric MELSEC iQ-R Series (Update C)
This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi Electric MELSEC iQ-R series (Update B) that was published November 5, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a resource exhaustion...
Siemens and PKE SiNVR/SiVMS Video Server (Update A)
This updated advisory is a follow-up to the original advisory titled ICSA-20-070-01 Siemens SiNVR 3 that was published March 10, 2020, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Cleartext Storage in a File or on...
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Tool links email addresses to Facebook accounts at scale
Enlarge (credit: Getty Images)
Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
With details sparse, vendors scramble to make sense of Biden 100-day grid security plan
The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
