Security Advisories & Alerts


A Vulnerability in Polkit’s pkexec Component Could Allow For Local Privilege Escalation

DESCRIPTION:A vulnerability in Polkit’s pkexec component could allow for localprivilege escalation. Polkit (formerly PolicyKit) is a component forcontrolling system-wide privileges in Unix-like operating systems. Itprovides an organized way for non-privileged processes to communicatewith privileged ones. Polkit is installed by default on all major Linuxdistributions. Successful exploitation of this vulnerability couldresult in privilege escalation to root privileges. IMPACT:A vulnerability in Polkit ‘s pkexec component could allow...

Read More


A Vulnerability in F5Networks BIG-IP Could Allow for Denial of Service

DESCRIPTION:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service (DoS). BIG-IP is a family of productscovering software and hardware designed around application availability,access control, and security solutions. Successful exploitation of thisvulnerability could allow an attacker to cause a denial of service toall servers sitting behind the BIG-IP system. IMPACT:A vulnerability has been discovered in F5Networks BIG-IP, which couldresult in a denial-of-service...

Read More


CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

CVE SummaryCVE Base Score: 9.8 CRITICAL (CVSS:3.1)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and MetricsBase Score: 9.8 CRITICALVector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HImpact Score: 5.9Exploitability Score: 3.9Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope(S): UnchangedConfidentiality(C): HighIntegrity (I): HighAvailability (A): High CVE Released: Jan 11, 2022, Last updated: Jan 12, 2022 Description:This vulnerability concerns the HTTP stack (http.sys) used in listening to process HTTP requests on...

Read More


A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation

DESCRIPTION:A vulnerability has been discovered in Citrix Workspace App for Linux, avirtual desktop application. Successful exploitation of thisvulnerability could allow for local privilege escalation. A privilegeescalation enables the attacker to obtain root privileges within thesystem which will enable them to install programs; view, change, ordelete data; or create new accounts with full user rights. IMPACT:A vulnerability has been discovered in Citrix Workspace App for Linux,...

Read More


Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Adobe products, themost severe of which could allow for Arbitrary Code Execution. * Acrobat and Reader is a family of application software and Webservices mainly used to create, view, and edit PDF documents.* Illustrator is a vector graphics editor and design program.* Bridge is a digital asset management application.* Adobe InCopy is a professional word processor.* InDesign is an...

Read More


Critical Patches Issued for Microsoft Products, January 11, 2022

DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft products, themost severe of which could allow for remote code execution in thecontext of the logged on user. Depending on the privileges associatedwith the user, an attacker could then install programs; view, change, ordelete data; or create new accounts with full user rights. Users whoseaccounts are configured to have fewer user rights on the system could beless impacted...

Read More


Multiple Vulnerabilities in Distributed Data Systems WebHMI Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Distributed DataSystems WebHMI, the most severe of which could allow for arbitrary codeexecution. Distributed Data Systems WebHMI is a SCADA system with abuilt-in web server that allows you to monitor and control anyautomation system on the local network and via the Internet from yourcomputer and mobile devices. Successful exploitation of the most severeof these vulnerabilities could allow an administrator...

Read More


A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in HP FutureSmart that could allowfor arbitrary code execution. HP FutureSmart is a piece of systemfirmware that is used on all HP Enterprise devices. Successfulexploitation of this vulnerability could allow for arbitrary codeexecution within the context of the affected application. Depending onthe privileges associated with this application, an attacker could theninstall programs; view, change, or delete data; or create new...

Read More


A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution

DESCRIPTION:A vulnerability has been discovered in multiple NETGEAR products, whichcould allow for arbitrary code execution. Successful exploitation ofthis vulnerability could allow for arbitrary code execution in thecontext of the root user. An attacker could then install programs; view,change, or delete data; or create new accounts with full user rights. IMPACT:  RIMM researchers are reported to have an exploit capable ofcompromising fully patched devices that are running...

Read More


Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in largeorganizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe...

Read More


Page 6 of 65« First...45678...203040...Last »