Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

MITRE Rolls Out Supply Chain Security Prototype

Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.

DARKReading
Open in Source
#vulnerability#microsoft#cisco#intel#aws#log4j#dell#ssl
CVE-2021-21548: DSA-2021-134: Dell EMC Unisphere for PowerMax, Dell EMC Unisphere for PowerMax Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance, and Dell EMC PowerMax Embedded Management Security Updat

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

CVE-2023-24571: DSA-2023-046: Dell Client Platform Security Update for BIOS Vulnerabilities

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Red Hat Security Advisory 2023-1203-01

Red Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The

CVE-2022-48111: WI400 – Web Interface AS400

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.

CVE-2022-46752

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

Tech Giants Go Cloud-Native Shopping

Cisco’s acquisition of cloud-native firewall provider Valtix and HPE’s deal to buy SSE provider Axis Security fill gaps in their existing portfolios.