The vulnerability in the driver drivers/net/can/usb/peak_usb/pcan_usb_pro.c of the Linux operating system allows a hacker to disclose protected information.
The vulnerability in the driver drivers/net/can/usb/peak_usb/pcan_usb_pro.c of the Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system, a simulation-based application of Oracle Financial Services, allows a perpetrator to gain unauthorized access to protected data or compromise the integrity of protected information.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system, a simulation-based application of Oracle Financial Services, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating...
The vulnerability of the Central Management Console component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Central Management Console component of the SAP BusinessObjects Business Intelligence platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to exploit it to disclose protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
Vulnerability of the driver drivers/net/can/usb/peak_usb/pcan_usb_core.c in the Linux operating system, which allows a hacker to disclose protected information
The vulnerability in the drivers/net/can/usb/peak_usb/pcan_usb_core.c file of the Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
Geocoder gem for Ruby contains possible SQL injection vulnerability
sql.rb in Geocoder allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to exploit it to disclose protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the authentication and access control application of IBM Security Identity Manager, related to database storage deficiencies, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM Security Identity Manager application for user identification and access control is related to deficiencies in the storage of user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the implementation of the Intel Transactional Synchronization Extensions (TSX) technology in microprogramming software for Intel processors allows a hacker to disclose protected information.
The vulnerability of the Intel Transactional Synchronization Extensions TSX implementation in Intel microcomputer software is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through...
Changing the monolith—Part 2: Whose support do you need?
In Changing the monolith—Part 1: Building alliances for a secure culture, I explored how security leaders can build alliances and why a commitment to change must be signaled from the top. But whose support should you recruit in the first place? In Part 2, I address considerations for the...
PT-2020-1465 · Oracle · Oracle Autovue
Name of the Vulnerable Software and Affected Versions: Oracle AutoVue version 21.0.2. Description: The issue is related to a lack of protection for service data in the Security component of Oracle AutoVue, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle...
Making Compliance and Risk Part of DevOps – 2020 Trend #4
In our 2020 Trends blog, Imperva CTO Kunal Anand predicts that fully automated processes will make compliance more rapid and less expensive. As businesses incorporate security into software development lifecycles (SDLC), continuous integration-continuous deployment (CI/CD) processes will reduce risk a...
Microsoft 365 helps governments adopt a Zero Trust security model
For governments to function, the flow of data on a massive scale is required—including sensitive information about critical infrastructure, citizens, and public safety and security. The security of government information systems is subject to constant attempted attacks and in need of a modern...
The vulnerability of the SAP Landscape Management automation system, related to insufficient protection of registration data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SAP Landscape Management automation system is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the McAfee Total Protection antivirus protection lies in the lack of protection for service data, allowing attackers to gain unauthorized access to the list of excluded files and modify it.
The vulnerability of the McAfee Total Protection antivirus protection lies in the lack of protection for service data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the list of excluded files and modify it...
Vulnerability of SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tiering database management systems, related to insufficient protection of registration data, allows unauthorized access by attackers to protected information.
The vulnerability of SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tiering database management systems is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
USB Cable Kill Switch for Laptops
BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the...
IoT Company Wyze Leaks Emails, Device Data of 2.4M
An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers. Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be integrated with smart home...
QIWI: Keychain data persistence may lead to account takeover
Summary: When a user deletes the Qiwi iOS application, the Keychain isn't wiped, and on first Qiwi launch after re-installation the Keychain isn't wiped as well. It allows an attacker (possible buyer of a second-hand iPhone) to take over the account. Steps to reproduce: 1. Find somebody who uses Qiwi phone enumeration may...