Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine.Tracked as CVE-2021-44757 and rated critical severity, the newly addressed security error is an authentication bypass issue that could allow a remote attacker to perform various a

Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authe

A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns.Tracked as CVE-2021-38178 and featuring a CVSS score of 9.1, the critical vulnerability was addressed on the October 2021 SAP Patch Day.Described as an improper authorizati

A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains.Used in all major browsers, IndexedDB is a low-level browser API for storing client data, which follows the same-origin po

A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles.Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device.The attacke

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator.Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists because there was no server-side validatio

German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability.Last month, after revealing it had identified 32 applications that use the vulnerable Apache Log4j library, the company released patches for 20 of them.On its January 2022 Security Patch Day

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022.The bug, tracked as CVE-2022-21907 and patched during this month's Patch Tuesday, was discovered in the HTTP Protocol Stack (HTTP.sys) used as a protocol listener for processi

A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns.Developed by KCodes, NetUSB was designed to enable the interaction between remote network devices in a network and USB devices that are connected to a router. A driver needs to be installed on the

A vulnerability addressed recently in Apple’s macOS platform could be exploited to gain unauthorized access to a user’s personal data, Microsoft explains.Tracked as CVE-2021-30970, the new security error, which Microsoft calls powerdir, allows an attacker to bypass the platform’s Transparency, Consent, and Control (TCC) technology and “potentially orchestrat

Document Title:===============cWifi Hotspot Wireless CP - Code Execution VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2310Release Date:=============2021-12-15Vulnerability Laboratory ID (VL-ID):====================================2310Common Vulnerability Scoring System:=============================

Document Title:===============Easy Cart Shopping Cart - (Search) Persistent VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2298Release Date:=============2021-12-15Vulnerability Laboratory ID (VL-ID):====================================2298Common Vulnerability Scoring System:==========================

Document Title:===============Rocket LMS v1.1 - (History) Persistent XSS VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2305Release Date:=============2021-12-29Vulnerability Laboratory ID (VL-ID):====================================2305Common Vulnerability Scoring System:=============================

A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008.An open-source Java SQL database, H2 is an in-memory solution that eliminates the need to store data on disk, and is one of the most popular Maven packages, having roughly 7,000 artifact dependencies,Tracked as CVE-2021-42392, the newly discl

byPaul DucklinThe Federal Trade Commission (FTC) is the US consumer rights body, and it has sailed into 2022 with a bang, not a whimper.Using the infamous Log4Shell vulnerability as what you might call its Exhibit A, the FTC has fired a shot across the bows of companies in US jurisdictions, telling them to get their patching in order, or face the consequence