VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due to OPENSSLDIR location
Overview
McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable...
VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview
Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use...
VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass
Overview
Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password...
VU#930724: Apache Log4j allows insecure JNDI lookups
Overview
Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute...
VU#999008: Compilers permit Unicode control and homoglyph characters
Overview
Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers...
VU#883754: Salesforce DX Command Line Interface (CLI)
Overview
The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create...
VU#608209: NicheStack embedded TCP/IP has vulnerabilities
Overview
HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to...
VU#357312: HTTP Request Smuggling in Web Proxies
Overview
HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver...
VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks
Overview
Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a...
VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass
Overview
A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based...
VU#506989: Microsoft Windows 10 gives unprivileged user access to SAM, SYSTEM, and SECURITY files
Overview
Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and...
VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files
Overview
Microsoft Windows allows for non-admin users to be able to install printer drivers via Point...
VU#383432: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE
Overview
The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which...
VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data
Overview
Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow...
VU#667933: Pulse Connect Secure Samba buffer overflow
Overview
Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may...
AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps
Enlarge (credit: Getty Images | zf L)
AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...
Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
DC, 3 States Sue Google Saying it Invades Users' Privacy
The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.
read more
A flaw in Rust Programming language could allow to delete files and directories
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system.
The maintainers of the Rust programming language have released a security update for a high-severity...
Personal identifying information for 1.5 billion users was stolen in 2021, but from where?
Threat intelligence company Black Kite found that the majority of attacks were against healthcare providers, involved ransomware and succeeded thanks to software vulnerabilities.
