PT-2025-3750 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to insufficient protection of service data in the Android operating system's Framework component. This could allow an attacker to disclose protected information...

PT-2024-7177 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to a lack of protection for service data in Microsoft Exchange Server, which can be exploited to disclose protected information. Recommendations: At t...

PT-2024-7558 · Omron · Sysmac Studio

Name of the Vulnerable Software and Affected Versions: Sysmac Studio affected versions not specified Description: The issue is related to an incorrect authorization vulnerability in Sysmac Studio, which can be exploited by an attacker to access programs protected by the Data Protection function...

The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems allows attackers to circumvent security restrictions.

The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

The vulnerability of the Code Integrity Guard function in Microsoft Windows operating systems allows a perpetrator to circumvent security restrictions.

The vulnerability of the Code Integrity Guard function in Microsoft Windows operating systems is related to a violation of data protection mechanisms. Exploiting this vulnerability can allow attackers to circumvent security restrictions...

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages, related to insufficient protection of sensitive data, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...

The vulnerability of the blkpg_do_ioctl() function (block/ioctl.c) in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the blkpgdoioctl function block/ioctl.c in the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

PT-2024-39406 · WordPress · Gdpr-Extensions-Com – Consent Manager

Name of the Vulnerable Software and Affected Versions: GDPR-Extensions-com – Consent Manager plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping...

PT-2024-6807 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to a security feature bypass in the BitLocker data protection function of Microsoft Windows operating systems. This bypass is due to a disruption in the data...

PT-2024-6776 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to a security feature bypass vulnerability in the Code Integrity Guard function of Microsoft Windows operating systems. This vulnerability is associated with ...

PT-2024-8135 · Unknown · Harmony Industrial Pc Series

Name of the Vulnerable Software and Affected Versions: Harmony Industrial PC series affected versions not specified Description: The issue is related to the exposure of sensitive information to an unauthorized actor, which could cause exposure of credentials when an attacker has access to the...

Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization. This has led to a greater need for reliable data security and user-friendly interfaces. Without these measures, organizations are at risk of experiencing data breache...

E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads

Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating ...

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system of JetBrains TeamCity allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the EC2 Cloud Profile module in the Continuous Integration and Delivery application delivery system CI/CD of JetBrains TeamCity is related to insufficient protection for registration data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain...

Security Bulletin: IBM Watson Query on IBM Cloud does not govern all of the columns of a published object

Summary IBM Watson Query on IBM Cloud integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first 100 columns are registered in the...

Advisory ROSA-SA-2024-2497

Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...

Advisory ROSA-SA-2024-2481

Software: java-11-openjdk 11.0.23.0.9 OS: rosa-server79 packageevrstring: java-11-openjdk-11.0.23.0.9-2.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK,...

Advisory ROSA-SA-2024-2480

Software: java-1.8.0-openjdk 1.8.0.412.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.412.b08-1.res7 CVE-ID: CVE-2024-20918 BDU-ID: 2024-00485 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM...

Cisco Identity Services Engine Information Disclosure (cisco-sa-ise-info-disc-ZYF2nEEX)

According to its self-reported version, Cisco Identity Services Engine Information Disclosure is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information...