Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-24743: List of bug fixes and feature enhancements - ManageEngine Applications Manager

An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.

CVE

Related news

CVE-2021-36183: PSIRT Advisories | FortiGuard

An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.

CVE-2021-42542: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

CVE-2021-42538: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

CVE-2021-42540: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CVE-2021-42539: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.

CVE-2021-22535: Potential information disclosure vulnerability (CVE-2021-22535)

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

CVE-2021-22526: Potential redirection vulnerability (CVE-2021-22526)

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

CVE-2021-22527: Potential information leakage vulnerability (CVE-2021-22527)

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907