4665 matches found
PT-2020-4862 · Microsoft · Windows Delivery Optimization +1
Name of the Vulnerable Software and Affected Versions: Windows Delivery Optimization (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Windows Delivery Optimization service, which can allow an attacker to obtain unauthorized access t...
PT-2020-4815 · Microsoft · Azure Sphere
Name of the Vulnerable Software and Affected Versions: Azure Sphere (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Azure Sphere operating system. Exploitation of this issue may allow an attacker to gain unauthorized access to the...
Prop 24 passes in California, will change data privacy law
First-day returns in California showed voters firmly approving to change their state’s current data privacy law—which already guarantees certain privacy protections that many states do not—through the passage of Prop 24. As of the morning of November 4, according to The Sacramento Bee, 56.1 perce...
The vulnerability of the SAP Business Objects Business Intelligence Platform lies in the lack of protection for operational data, which allows attackers to exploit this weakness to disclose protected information.
The vulnerability of the SAP Business Objects Business Intelligence Platform relates to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential data, such as catalog structures, thereby exposing tha...
The vulnerability of the SQL Developer Install component of the Oracle Database Server management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SQL Developer Installation component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Java VM component of the Oracle Database Server database management system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
California’s Prop 24 splits data privacy supporters
California’s data privacy house is divided. On the Golden State’s November ballot this year is the question as to whether to amend California’s barely-two-year-old data privacy law, the California Consumer Privacy Act. Far from the first attempt to change the fledgling law, Proposition 24 sets...
Back to the future: What the Jericho Forum taught us about modern security
Some of the earliest formal work on what we now call Zero Trust started around in a security consortium known as the Jericho Forum which later merged into The Open Group Security Forum. This started as a group of like-minded CISOs wrestling with the limitations of the dominant and unquestioned...
OPENSUSE-SU-2020:1752-1 Recommended update for mailman
This update for mailman to version 2.1.34 fixes the following issues: - The fix for lp#1859104 can result in ValueError being thrown on attempts to subscribe to a list. This is fixed and extended to apply REFUSE_SECOND_PENDING to unsubscription as well (lp#1878458). - DMARC mitigation no longer misses ...
The vulnerability in the net/bluetooth/a2mp.c component of Linux operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the net/bluetooth/a2mp.c component in Linux operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using specially crafted AMP packe...
The vulnerability of the Undertow web server arises from insufficient protection of registration data, allowing attackers to disclose sensitive information.
The vulnerability of the Undertow web server is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
Update Rollup 10 for System Center 2016 Data Protection Manager
Introduction: This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center Data Protection Manager 2016. This article also contains the installation instructions for this update. Note: Existing Data...
OPENSUSE-SU-2020:1678-1 Security update for crmsh
This update for crmsh fixes the following issues: - Fixed start_delay with start-delay (bsc#1176569) - fix on_fail should be on-fail (bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - ui_configure: Obscure sensitive data by default (bsc#1163581) This update...
CVE-2020-9913
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information...
Information disclosure
This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information...
CVE-2020-9913
CVE-2020-9913 affects macOS Catalina (Heimdal component). The issue could allow a local user to leak sensitive user information. Apple describes the fix as part of macOS Catalina 10.15.6 (Security Update 2020-004 Mojave/High Sierra entries mirror), addressing a memory/data protection issue. Remed...
The vulnerability of the command-line interface of the Cisco AsyncOS operating system allows a hacker to gain unauthorized access to protected information. This vulnerability is exploitable by attackers who target the Cisco Email Security Appliance for security management and the Cisco Content Security Management Appliance for content management systems.
The vulnerability of the Cisco AsyncOS command-line interface for the Cisco Email Security Appliance and the Cisco Content Security Management Appliance security management system is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker,...
The vulnerability of the MESSAGING and SAP_XIAF components of the software for integrating corporate applications in SAP NetWeaver Process Integration allows a hacker to disclose protected information.
The vulnerability of the MESSAGING and SAP_XIAF components of the SAP NetWeaver Process Integration software lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...