4667 matches found
CVE-2023-1203
CVE-2023-1203 affects Devolutions Remote Desktop Manager PowerShell Module, Hub Business submodule. The vulnerability stems from improper removal of sensitive data during entry edits, allowing an authenticated user to access sensitive data on entries edited with the affected submodule. Affected v...
The vulnerability of the Grafana data visualization web tool lies in the lack of protection for operational data, allowing attackers to gain access to the current user’s session.
The vulnerability of the Grafana data processing web tool is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the current user’s session...
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is vulnerable to a resource management error that stems from the presence of uncontrolled resource consumption, which could be exploited by an attacker to compromise built-in hardware management functions and...
CVE-2023-23689
Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data...
Denial of service
Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data...
Application Security vs. API Security: What is the difference?
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a...
Healthcare Organizations Must Balance Cybersecurity with Other Priorities
Porter Research finds that today’s healthcare organizations must balance investments in data protection with resources they need to provide high-quality care...
Cybersecurity health and how to stay ahead of attackers with Linda Grasso
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Linda Grasso, the...
Four EU telco giants will start asking users if they want personalized targeted ads
They say you can't have too much of a good thing. Unfortunately, this applies to ads, too, whether you think they're a good thing or not. Soon, Europe's four biggest telecommunication companies--Germany's Deutsche Telekom DK, France's Orange, Spain's Telefonica, and the UK's Vodafone Group--will...
Microsoft shifts to a comprehensive SaaS security solution
Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage and have identified cloud...
The vulnerability of the vRealize Log Insight log management tool lies in the lack of protection for operational data, which allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the vRealize Log Insight log management tool is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device...
The vulnerability of the Samba networking communication package lies in the lack of protection for service data, which allows attackers to disclose the protected information.
The vulnerability of the Samba networking communication package is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a brute-force attack...
The vulnerability of the IBM Robotic Process Automation software lies in its insufficient protection of registration data, allowing attackers to disclose protected information.
The vulnerability of the IBM Robotic Process Automation software lies in the insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the command-line interface of the network traffic analysis and detection tool, Cortex XDR Agent, for operating systems based on Windows, allows a perpetrator to execute arbitrary commands.
The vulnerability of the command-line interface of the network traffic analysis, network detection, and response tool Cortex XDR Agent for Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary...
One in nine online stores are leaking your data, says study
eCommerce security company Sansec has revealed it's found a number of online stores accidentally leaking highly sensitive data. After studying 2,037 online stores, the company found that 12.3 percent exposed compressed files in ZIP, SQL, and TAR archive formats, which BleepingComputer noted appea...
PT-2023-6855 · Microsoft · Azure Machine Learning
Name of the Vulnerable Software and Affected Versions: Azure Machine Learning (affected versions not specified). Description: The issue is related to a lack of protection for service data in Azure Machine Learning, which can allow a remote attacker to gain unauthorized access to protected informatio...
The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to gain read access to arbitrary files.
The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which involves connection management and orchestration, stems from insufficient protection of sensitive data when processing the AllowLoadLocalInfile parameter with a value of true...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.7 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.7 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...