GeekWire

CERT

VU#240785: Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs

18 February 2021

Overview

Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run …

VU#466044: Siemens Totally Integrated Automation Portal vulnerable to privilege escalation due to Node.js paths

9 February 2021

Overview

Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be used by a privileged …

VU#794544: Heap-Based Buffer Overflow in Sudo

4 February 2021

Overview

A heap-based overflow has been discovered in sudo, which may allow a local attacker to execute commands with elevated …

VU#125331: Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs

1 February 2021

Overview

Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary …

VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning

19 January 2021

Overview

Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating …

VU#843464: SolarWinds Orion API authentication bypass allows remote command execution

27 December 2020

Overview

The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API …

VU#843464: SolarWinds Orion API authentication bypass allows remote command execution

26 December 2020

Overview

The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API …

VU#429301: Veritas Backup Exec is vulnerable to privilege escalation due to OPENSSLDIR location

23 December 2020

Overview

Veritas Backup Exec contains a privilege escalation vulnerability due to the use of an OPENSSLDIR …

VU#815128: Embedded TCP/IP stacks have memory corruption vulnerabilities

8 December 2020

Overview

Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have …

VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection

23 November 2020

Overview

VMware Workspace One Access, Access Connector, …

VU#231329: Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

10 November 2020

Overview

The Replay Protected Memory Block (RPMB) protocol found in several storage specifications does not securely protect …

VU#208577: Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs

9 November 2020

Overview

Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run …


NVD

CVE-2020-36240 – The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1. …

1 March 2021

CVE-2021-22114 – Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, e …

1 March 2021

CVE-2021-25914 – Prototype pollution vulnerability in ‘object-collider’ versions 1.0.0 through 1.0.3 allows …

1 March 2021

CVE-2021-27225 – In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integrat …

1 March 2021

CVE-2021-25122 – When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0 …

1 March 2021

CVE-2021-25329 – The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9. …

1 March 2021

EXPLOITS

Covid-19 Contact Tracing System 1.0 – Remote Code Execution (Unauthenticated)

1 March 2021

Online Catering Reservation System 1.0 – Remote Code Execution (Unauthenticated)

1 March 2021

VMware vCenter Server 7.0 – Unauthenticated File Upload

1 March 2021

WiFi Mouse 1.7.8.5 – Remote Code Execution

1 March 2021

FortiLogger 4.4.2.2 – Unauthenticated Arbitrary File Upload (Metasploit)

1 March 2021

Remote Desktop Web Access – Authentication Timing Attack (Metasploit Module)

26 February 2021

SECURELIST

Mobile malware evolution 2020

1 March 2021

The state of stalkerware in 2020

26 February 2021

Lazarus targets defense industry with ThreatNeedle

25 February 2021

DDoS attacks in Q4 2020

16 February 2021

Spam and phishing in 2020

15 February 2021

How kids coped with COVID-hit winter holidays

4 February 2021

Information Cyber Network Enterprise Security News

© 2021 GeekWire