CVE-2020-11922
CVE-2020-11922 affects WiZ Colors A60 (1.14.0). The vulnerability is an information disclosure where the device sends unnecessary data to the cloud controller server, including the local IP address and the SSID of the connected Wi‑Fi network. The data is encrypted, and the impact is privacy-relat...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server, related to security flaws in data protection, allows attackers to gain unauthorized access to protected information.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information remotely...
The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, related to the lack of data protection for service data, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft Quantum Development Kit for Visual Studio Code, which is used for developing and optimizing quantum computing applications, relates to the lack of protection for application data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Network Address Translation (NAT) technology implementation in Windows operating systems allows a hacker to induce a service failure.
The vulnerability of the Network Address Translation (NAT) technology implementation in Windows operating systems is related to security flaws in service data protection. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the lack of protection for service data, allowing a malicious actor to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio Code ESLint Extension lies in the lack of protection for service data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Women in Security Part 6: Meet Nandini De, Director of Engineering
This post is part of our Women’s History Month series - follow along with us on Twitter @VMwareCarbonBlack. To conclude Women’s History Month, we are thrilled to bring you the last spotlight of our Women in Security series. It’s been an honor to highlight the outstanding women in the VMware Securi...
Mimecast: SolarWinds Attackers Stole Source Code
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the...
IBM Security Guardium Elevation of Privilege Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An elevation of privilege vulnerability exists in IBM Security Guardiu...
The vulnerability of the ZyXEL P-1302-T10 v3 router’s microprogramming software, related to deficiencies in data protection, allows attackers to exploit their privileges.
The vulnerability of the ZyXEL P-1302-T10 v3 router’s microprogramming software is related to deficiencies in data protection. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
The vulnerability of the configuration of Siemens SICAM integrated web-server microprogramming software for remote terminals allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the configuration of the integrated web-server microprogramming software for Siemens SICAM remote terminals is related to insufficient data protection. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected information...
The vulnerability of the settings.cfg.viw configuration file of the device management application for Mikrotik RouterOS WinBox allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the settings.cfg.viw configuration file of the device management application for Mikrotik RouterOS WinBox is related to insufficient protection of registration data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An elevation of privilege vulnerability exists in IBM Security Guardiu...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to gain unauthorized access to protected information.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created HTML...
Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack
At the end of last year, enterprise firewall company Accellion was the victim of a two-phase SQL injection attack that resulted in significant sensitive data breaches over the last number of months. This attack is important for several reasons. It underscores the rise in frequency of incidents...
PT-2021-2416 · Microsoft · Quantum Development Kit
Name of the Vulnerable Software and Affected Versions: Microsoft Quantum Development Kit for Visual Studio Code (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Microsoft Quantum Development Kit for Visual Studio Code. This can allo...
PT-2021-2411 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified). Description: The issue is related to insufficient protection of internal data in Microsoft SharePoint Server, which can be exploited by a remote attacker to gain unauthorized access ...
PT-2021-2403 · Microsoft · Visual Studio Code Eslint Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code ESLint Extension (affected versions not specified). Description: The issue is related to a lack of protection for internal data in the Microsoft Visual Studio Code ESLint Extension. Exploitation of this issue may allow an...
PT-2021-2401 · Microsoft · Windows Media Photo Codec +1
Name of the Vulnerable Software and Affected Versions: Windows Media Photo Codec (affected versions not specified). Description: The issue is related to insufficient protection of service data in the Windows Media Photo Codec component, which can allow an attacker to gain unauthorized access to...
The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.
The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...
A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...