4667 matches found

BDU FSTEC
added 2023/10/26 12:0 a.m. · 2 views

The vulnerability of VMware vCenter Server’s software for managing virtual infrastructure lies in the lack of protection for operational data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the software for managing virtual infrastructure in VMware vCenter Server is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 4.3 · AI score 7 · EPSS 0.00667
Exploits: 0 · References: 4 · Affected Software: 1

Microsoft Secure
added 2023/10/25 4:0 p.m. · 10 views

Top insights and best practices from the new Microsoft Data Security Index report

A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...

AI score 6.6
Exploits: 0

RedHat Linux
added 2023/10/25 2:23 p.m. · 73 views

Important: Red Hat Security Advisory: OpenShift API for Data Protection security update

An update is now available for OADP-1.2-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits: 19 · References: 4

RedHat Linux
added 2023/10/25 2:16 p.m. · 65 views

Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.14 security and bug fix update

OpenShift API for Data Protection OADP 1.0.14 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 · AI score 7 · EPSS 0.03796
Exploits: 0 · References: 3

RedHat Linux
added 2023/10/25 2:1 p.m. · 59 views

Important: Red Hat Security Advisory: OpenShift API for Data Protection security update

An update is now available for OADP-1.1-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits: 19 · References: 10

Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-20750 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier
Description: The issue concerns an unauthenticated SQL injection in the GetCurrentPeriod method, allowing unauthenticated attackers to extract or modify all data.
Recommendations: For versions...

CVSS 9.8 · AI score 9.4 · EPSS 0.00552
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-20749 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier
Description: The issue concerns an unauthenticated SQL injection in the GetExcursionDetails method. This allows unauthenticated attackers to extract or modify all data.
Recommendations: For...

CVSS 9.8 · AI score 9.4 · EPSS 0.00552
Exploits: 0 · References: 3

Positive Technologies
added 2023/10/25 12:0 a.m. · 1 view

PT-2023-7604 · Apple · Macos Sonoma +5

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 10.1; iPadOS versions prior to 17.1 and prior to 16.7.2; iOS versions prior to 17.1 and prior to 16.7.2; macOS Ventura versions prior to 13.6.1; macOS Sonoma versions prior to 14.1
Description: A privacy issue is related...

CVSS 6.6 · AI score 5.4 · EPSS 0.00376
Exploits: 0 · References: 22

Positive Technologies
added 2023/10/25 12:0 a.m. · 1 view

PT-2023-8354 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.1
Description: The issue is related to a lack of protection for sensitive user data, which may allow an app to access it. An attacker could exploit this to execute arbitrary commands. The issue was addressed with...

CVSS 5.5 · AI score 5 · EPSS 0.00339
Exploits: 0 · References: 16

Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-6425 · Vmware · Vcenter Server +1

Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified)
Description: The issue is related to a partial information disclosure vulnerability in vCenter Server. It may allow a malicious actor with non-administrative privileges to access...

CVSS 4.3 · AI score 8.9 · EPSS 0.00667
Exploits: 0 · References: 19

Rosalinux
added 2023/10/22 6:5 a.m. · 68 views

Advisory ROSA-SA-2023-2269

Software: vsftpd 3.0.5
OS: ROSA-CHROME
packageevrstring: vsftpd-3.0.5-1.src.rpm
CVE-ID: CVE-2021-3618
BDU-ID: 2022-00351
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the vsftpd FTP server is related to a lack of protection for transmitted data. Exploitation of the vulnerability could allow an...

CVSS 7.4 · AI score 6.7 · EPSS 0.02037
Exploits: 0

BDU FSTEC
added 2023/10/21 12:0 a.m. · 4 views

The vulnerability of Juniper Networks’ Junos OS Evolved operating system, related to the lack of protection for service data, allows attackers to disclose protected information.

The vulnerability of Juniper Networks’ Junos OS Evolved operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information using the “file copy” command...

CVSS 5.9 · AI score 5.9 · EPSS 0.00169
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2023/10/21 12:0 a.m. · 2 views

The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Listener component of the Oracle HTTP Server is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.0051
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2023/10/21 12:0 a.m. · 4 views

The vulnerability of the DirSync synchronization mechanism in the Samba networking communication software package allows an intruder to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the DirSync synchronization mechanism in the Samba networking communication software package is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information and...

CVSS 7.5 · AI score 6.7 · EPSS 0.01151
Exploits: 0 · References: 12 · Affected Software: 5

BDU FSTEC
added 2023/10/21 12:0 a.m. · 2 views

The vulnerability of the Nginx module NAXSI, related to the violation of data protection mechanisms, allows attackers to circumvent existing security restrictions.

The vulnerability of the Nginx module NAXSI is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent existing security restrictions...

CVSS 9.4 · AI score 7.7 · EPSS 0.00799
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2023/10/21 12:0 a.m. · 2 views

The vulnerability of the urllib3 module in the Python programming language allows attackers to exploit it to disclose protected information.

The vulnerability of the urllib3 module in the Python programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information that is protected by this module...

CVSS 4.2 · AI score 6.2 · EPSS 0.00544
Exploits: 0 · References: 10 · Affected Software: 4

BDU FSTEC
added 2023/10/20 12:0 a.m. · 3 views

The vulnerability of the SAP S/4HANA software platform, related to the lack of protection for operational data, allows attackers to disclose protected information.

The vulnerability of the SAP S/4HANA software platform is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVSS 4.3 · AI score 5.5 · EPSS 0.00442
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/10/19 12:0 a.m. · 3 views

PT-2023-6525 · Hewlett Packard · Hp Print/Scan Doctor For Windows

Name of the Vulnerable Software and Affected Versions: HP Print and Scan Doctor for Windows (affected versions not specified)
Description: The issue is related to insufficient protection of service data, which may allow an attacker to escalate their privileges. HP is releasing software updates to...

CVSS 7.8 · AI score 7.1 · EPSS 0.00171
Exploits: 0 · References: 5

BDU FSTEC
added 2023/10/19 12:0 a.m. · 1 view

The vulnerability of the application programming interface of the Oracle Enterprise Command Center Framework, a system for automating business operations in enterprises, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the application software interface implementation of the Oracle Enterprise Command Center Framework of the Oracle E-Business Suite system for enterprise automation activities is related to insufficient verification of input data. Exploiting this vulnerability can allow an...

CVSS 6.8 · AI score 6.5 · EPSS 0.0051
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/10/17 12:0 a.m. · 4 views

PT-2023-6273 · Oracle · Oracle Http Server

Name of the Vulnerable Software and Affected Versions: Oracle HTTP Server version 12.2.1.4.0
Description: The issue is related to a lack of protection for service data in the Web Listener component of Oracle HTTP Server. This allows an unauthenticated attacker with network access via HTTP to...

CVSS 7.8 · AI score 7.3 · EPSS 0.0051
Exploits: 0 · References: 7