Wednesday, January 26, 2022

CVE-2021-24836

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in users, such as subscribers, to update...

CVE-2021-4104 – Log4J 1.x

Statement: Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x CVE-2021-44228 and Red Hat has assessed this to be Moderate severity. Note this flaw...

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. Read: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44833 (via National Vulnerability Database)

Kaseya – A global ransomware attack!

Beginning around mid-day (EDT/US) on Friday July 2, 2021, Kaseya’s Incident Response team learned of a potential security incident involving our VSA software. Kaseya reported that about 40 of its customers (providers/vendors...

Apple releases fixes for three WebKit zero-days, additional patches for a fourth

Apple today released security updates for multiple products to patch three zero-days and roll out additional patches for a fourth, which the company said might have been exploited in...

HPESBHF03894 rev.1 – HPE Integrated Lights-Out 5 (iLO 5) Firmware Updates, Local Bypass of...

SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbhf03894en_us. Release Date: 2018-11-03. Last Updated: 2018-11-03. Potential Security Impact: Local: Bypass Security Restrictions. Source: Hewlett Packard Enterprise, HPE Product Security Response Team. VULNERABILITY SUMMARY: A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior...

HPESBHF03866 rev.2 – HPE Integrated Lights-Out 3,4,5 using SSH, Remote Execution of Arbitrary Code,...

Release Date: 2018-10-22. Last Updated: 2018-09-13. Potential Security Impact: Local: Disclosure of Sensitive Information; Remote: Arbitrary Code Execution. Source: Hewlett Packard Enterprise, HPE Product Security Response Team. VULNERABILITY SUMMARY: A security vulnerability in HPE Integrated Lights-Out (iLO) 3, 4, and...

HPESBHF03875 rev.1 – HPE Integrated Lights Out 4 and 5, (iLO 4, 5), Remote...

Release Date: 2018-08-14. Last Updated: 2018-08-15. Potential Security Impact: Remote: Denial of Service (DoS). Source: Hewlett Packard Enterprise, HPE Product Security Response Team. VULNERABILITY SUMMARY: A potential security vulnerability has been identified in HPE Integrated Lights Out 4 and 5...

HPSBHF02981 rev.4 – HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3,...

SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04197764. Version: 1. HPSBHF02981 rev.4 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI...

You Can Bypass Authentication on HPE iLO4 Servers With 29 “A” Characters

Stupid-simple exploit found in HP iLO4 servers. Last year, a trio of security researchers discovered such a vulnerability, which they say can be exploited remotely, via an Internet connection, putting all...