Security Advisories & Alerts


Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th...

Read More


Multiple Vulnerabilities in SonicWall SMA 100 Series Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities in SonicWall SMA 100 Series could allow forarbitrary code execution. Successful exploitation of thesevulnerabilities could allow for arbitrary code execution. The SonicWallSMA 100 Series is a unified secure access gateway that enablesorganizations to provide access to any application, anytime, fromanywhere and any devices, including managed and unmanaged. Depending onthe privileges associated with the application, an attacker could theninstall programs; view, change, or delete...

Read More


Apache Log4j2 is vulnerable to RCE via JDBC Appender when an attacker controls configuration

CVE-2021-44832 (CVSS score: 6.6 MEDIUM) – Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE)attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URIwhich can execute remote code. This issue is fixed by limiting...

Read More


Multiple Vulnerabilities in SiemensSolid Edge Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in SiemensSolid Edge, themost severe of which could allow an attacker to cause an arbitrary codeexecution. Siemens Edge is a portfolio of software tools that addressesvarious product development processes: 3D design, simulation,manufacturing and design management. Successful exploitation of the mostsevere of these vulnerabilities could allow for arbitrary codeexecution. Depending on the privileges associated with the user, anattacker could then view...

Read More


Critical Patches Issued for Microsoft Products, December 14, 2021

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...

Read More


Multiple Vulnerabilities in iCloud for Windows Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in iCloud for WindowsCould Allow for Arbitrary Code Execution. iCloud for Windows is a cloudstorage and cloud computing service. Successful exploitation of thesevulnerabilities could result in arbitrary code execution within thecontext of the application, an attacker gaining the same privileges asthe logged-on user, or the bypassing of security restrictions. Dependingon the permission associated with the application running the exploit,an attacker...

Read More


Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th...

Read More


Apache Releases Security Update for HTTP Server

DESCRIPTION:The Apache Software Foundation has released Apache HTTP Server 2.4.52.Reference:https://downloads.apache.org/httpd/Announcement2.4.html CVE-2021-44790 (CVSS score: 9.8- CRITICAL) -A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. CVE-2021-44224...

Read More


A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in Fortinet FortiWeb that couldallow for arbitrary code execution. Fortinet FortiWeb is a firewall forweb applications, which provides threat protection for medium and largeenterprises. Successful exploitation of this vulnerability could allowfor arbitrary code execution within the context of the affectedapplication. Depending on the privileges associated with thisapplication, an attacker could then install programs; view, change, ordelete data; or create new...

Read More


A Vulnerability in Mozilla NSS (Network Security Services) Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in Mozilla’s Network SecurityServices (NSS), a set of cryptography libraries used to handlesignatures and certification validation. Successful exploitation of thisthe vulnerability could allow for arbitrary code execution within thecontext of the affected application, which could be either a client likeThunderbird or server like Apache webserver. Depending on the privilegesassociated with this application, an attacker could then installprograms; view, change, or...

Read More


Page 8 of 66« First...678910...203040...Last »