VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution
Overview
Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker...
VU#240785: Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs
Overview
Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows...
VU#466044: Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths
Overview
Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be...
VU#794544: Heap-Based Buffer Overflow in Sudo
Overview
A heap-based overflow has been discovered in sudo, which may allow a local attacker to...
VU#125331: Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs
Overview
Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to...
VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning
Overview
Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a...
VU#843464: SolarWinds Orion API authentication bypass allows remote comand execution
Overview
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker...
VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR...
VU#815128: Embedded TCP/IP stacks have memory corruption vulnerabilities
Overview
Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices,...
VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection
Overview
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to...
VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks
Overview
The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely...
VU#760767: Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable...
VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs
Overview
Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to...
VU#114757: Acronis backup software contains multiple privilege escalation vulnerabilities
Overview
Acronis True Image, Cyber Backup, and Cyber Protection all contain privilege escalation vulnerabilities, which can...
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met.
"The...
NSA and ODNI analyze potential risks to 5G networks
U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering.
The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
