
Misconfigured Apache Airflow Platforms Threaten Organizations

Security researchers found thousands of credentials for popular cloud-hosted services exposed on insecure instances of the popular workflow management technology.

DARKReading

Related news

CVE-2021-29908: Security Bulletin: IBM Virtualization Engine TS7700 Management Interface (CVE-2021-29908)

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.

CVE-2021-41299: TWCERT/CC (Taiwan Computer Emergency Response Team/Coordination Center) - ECOA BAS controller - Use of Hard-coded Credentials

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.

iOS 15.0 Gamed Information Disclosure

Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.

CVE-2020-4805: IBM Edge information disclosure CVE-2020-4805 Vulnerability Report

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.

CVE-2020-4690: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

CVE-2020-4803: Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4803).

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.

CVE-2020-4809: IBM Edge information disclosure CVE-2020-4809 Vulnerability Report

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.

OMIGOD: Azure Users Warned of Critical OMI Vulnerabilities

Security researchers share the details of four flaws in Open Management Infrastructure, which is deployed on a large number of Linux virtual machines in Azure.

ECOA Building Automation System Hard-coded Credentials SSH Access

The BAS controller is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device.

CVE-2019-5461: HackerOne

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

DARKReading: Latest News

Too Much 'Trust,' Not Enough 'Verify'