PT-2023-4268 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.7.9; macOS versions prior to 12.6.8; macOS versions prior to 13.5. Description: The issue is related to insufficient access control in the macOS operating system, which may allow an app to modify protected parts of the...
macOS 12.x < 12.6.8 Multiple Vulnerabilities (HT213844)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.8. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS...
macOS 13.x < 13.5 Multiple Vulnerabilities (HT213843)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.5. It is, therefore, affected by multiple vulnerabilities: - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A...
About the security content of macOS Big Sur 11.7.9
About the security content of macOS Big Sur 11.7.9 This document describes the security content of macOS Big Sur 11.7.9. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of macOS Monterey 12.6.8
About the security content of macOS Monterey 12.6.8 This document describes the security content of macOS Monterey 12.6.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of macOS Ventura 13.5
About the security content of macOS Ventura 13.5 This document describes the security content of macOS Ventura 13.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
IBM Security Guardium License Issue Vulnerability (CNVD-2023-68784)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An authorization issue vulnerability exists in IBM Security...
IBM Security Guardium Input Validation Error Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An input validation error vulnerability exists in IBM...
Multiple Extortion: An Existential Threat
Explore effective strategies and comprehensive cybersecurity measures to protect your organization’s data from increasingly sophisticated cybercrimes...
The vulnerability of the Python Requests HTTP request library relates to insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Python Requests HTTP request library is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
PT-2023-4026 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 6.4.0.0.0. Description: The issue is related to errors in processing input data in the Visual Analyzer component of Oracle Business Intelligence Enterprise Edition. This can allow a remot...
The vulnerability of the audit log of the Cisco Duo Authentication Proxy, which allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Duo Authentication Proxy audit log relates to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the VP9 video compression extension lies in its insufficient protection of service data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the VP9 video compression extension lies in the insufficient protection of service data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information by downloading a specially created malicious file...
PT-2023-24235 · Dpa · Dpa
Name of the Vulnerable Software and Affected Versions: DPA version 2023.2. Description: The issue is related to an XSS attack that was possible due to insufficient input validation. Recommendations: For DPA version 2023.2, update to a version that includes sufficient input validation to prevent XS...
Defend Against Insider Threats: Join this Webinar on SaaS Security Posture Management
As security practices continue to evolve, one primary concern persists in the minds of security professionals—the risk of employees unintentionally or deliberately exposing vital information. Insider threats, whether originating from deliberate actions or accidental incidents, pose a significant...
Security Bulletin: Vulnerabilities in IBM Java affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2022-21426, CVE-2023-21830, CVE-2023-21843)
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by vulnerabilities in IBM Java. The vulnerabilities can lead to denial of servic...
The vulnerability in the implementation of the Bluetooth Classic protocol, as specified in the Bluetooth Core Specification, allows a perpetrator to disclose protected information.
The vulnerability of the Bluetooth Classic protocol implementation, as described in the Bluetooth Core Specification, is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the TrustZone subsystem’s networking (netdev) component in Qualcomm embedded operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the TrustZone subsystem for networking functions in Qualcomm embedded systems’ operating systems lies in the insufficient protection of sensitive data during the analysis of peripheral channels. Exploiting this vulnerability can allow attackers to gain unauthorized access to...
Charting a Course for the Modern Cloud
...
PT-2023-3820 · Microsoft · Postscript/Pcl6 Class Printer Driver +1
Name of the Vulnerable Software and Affected Versions: Microsoft PostScript and PCL6 Class Printer Driver (affected versions not specified). Description: The issue is related to insufficient protection of service data in the Microsoft PostScript and PCL6 Class Printer Driver, which can be exploited ...