Security News

Huge news from Apple: No, not mags, games or TV – more than 50 patched security bugs
2019-03-26 00h18
Apple rolls out repairs for 51 iOS flaws, including nasty ones. In addition to teasing the world...
CyberX raises $18 million to protect industrial control systems from cyberattack
2019-03-26 00h00
CyberX, the IIoT and industrial control system (ICS) security company, announced that it has...
One reason why you shouldn't allow your web browser to save your passwords
2019-03-25 22h47
Jack Wallen explains why you should never allow your web browser to save passwords--and what you...
Why Simpler is Better for CISOs
2019-03-25 22h18
Trend Micro's Steve Neville on Managing Today's Complex Technical Landscape. Simpler is better....
Enterprise Security in the Era of Digital Transformation
2019-03-25 21h48
Stan Lowe of Zscaler on How CISOs Can Help Drive Revenue Growth Securely. Digital transformation...
Inside Netscout's Threat Report
2019-03-25 21h18
Hardik Modi of Netscout Analyzes the Latest Cybercrime Trends. Netscout is out with its latest...
AT&T Cybersecurity Sets Sights on Threat Intelligence
2019-03-25 21h18
Javvad Malik on New Entity's Role in Cybersecurity Market. AT&T has just re-branded its AlienVault...
ThreatList: Remote Workers Threaten 1 in 3 Organizations
2019-03-25 20h52
More than one-third of surveyed organizations (36 percent) said they have experienced a security...
Oregon Agency Reports Phishing Attack Affecting 350,000
2019-03-25 20h03
Incident Among Largest Health Data Breaches So Far in 2019. The Oregon Department of Human...
Microsoft Finds Privilege Escalation, Code Execution Flaws in Huawei Tool
2019-03-25 19h17
Microsoft researchers have identified potentially serious privilege escalation and arbitrary...

Vulnerabilities by Risk-level

13% Critical
22% High
38% Moderate
27% Low

Vulnerabilities by Vendor

Vendor: Last 12 months #
Microsoft: 77
IBM: 45
Intel: 36
Cisco: 31
Apple: 30

Latest Vulnerabilities

Input Validation vulnerability in Caret

2019-03-22 04h29
Caret before 2019-02-22 allows Remote Code Execution.

CWE-20 - Input Validation
7.5

Cross-Site Scripting (XSS) vulnerability in S-CMS 1.0

2019-03-22 04h29
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

CWE-79 - Cross-Site Scripting (XSS)
4.3
5.8

Cross-Site Scripting (XSS) vulnerability in multiple products

2019-03-21 20h29
The wp-live-chat-support plugin before 8.0.18 for WordPress has...

CWE-79 - Cross-Site Scripting (XSS)
4.3

Cross-Site Scripting (XSS) vulnerability in multiple products

2019-03-21 20h29
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.

CWE-79 - Cross-Site Scripting (XSS)
4.3

Latest Critical Vulnerabilities

Path Traversal vulnerability in ENS Webgalamb 7.0

2019-03-21 12h00
In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability...

CWE-22 - Path Traversal
9.0

Deserialization of Untrusted Data vulnerability in OpenMRS 2.1

2019-03-21 12h00
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that...

CWE-502 - Deserialization of Untrusted Data
10.0

Permissions, Privileges, and Access Control vulnerability in SolarWinds Serv-U FTP Server 15.1.6

2019-03-21 12h00
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code...

CWE-264 - Permissions, Privileges, and Access Control
9.0

Input Validation vulnerability in openSUSE Yast2-Printer 4.0.2

2019-03-15 16h29
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape...

CWE-20 - Input Validation
9.3

Permissions, Privileges, and Access Control vulnerability in multiple products

2019-03-13 17h29
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an...

CWE-264 - Permissions, Privileges, and Access Control
10.0

Out-of-bounds Read vulnerability in Tinysvcmdns Project Tinysvcmdns 2018-01-16

2019-03-13 15h29
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform...

CWE-125 - Out-of-bounds Read
9.4

Command Injection vulnerability in Cisco NX-OS

2019-03-11 17h29
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated,...

CWE-77 - Command Injection
9.0

Path Traversal vulnerability in multiple products

2019-03-11 12h29
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified...

CWE-22 - Path Traversal
9.3

Command Injection vulnerability in Atlassian Sourcetree

2019-03-08 13h29
There was a command injection vulnerability in Sourcetree for Windows from version 0.5a before...

CWE-77 - Command Injection
9.3

Command Injection vulnerability in Atlassian Sourcetree

2019-03-08 13h29
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version...

CWE-77 - Command Injection
9.0