Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36309: DSA-2021-190: Dell Enterprise SONiC OS Security Update for an Information Disclosure Vulnerability | Dell Suomi

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

CVE

Related news

CVE-2020-10053

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.

CVE-2020-10052

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.

CVE-2021-36284: DSA-2021-156: Dell Client Security Update for Multiple Vulnerabilities | Dell Suomi

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

CVE-2021-21522: DSA-2021-156: Dell Client Security Update for Multiple Vulnerabilities | Dell Suomi

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

CVE-2021-36283: DSA-2021-156: Dell Client Security Update for Multiple Vulnerabilities | Dell Suomi

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2021-36285: DSA-2021-156: Dell Client Security Update for Multiple Vulnerabilities | Dell Suomi

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

CVE-2021-20790: JVN#81658818: Multiple vulnerabilities in RevoWorks Browser

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.

CVE-2020-7832: KrCERT/CC - KISA 인터넷 보호나라&KrCERT

A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907