2348 matches found
PT-2021-3089 · Microsoft · Office +1
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to incorrect management of code generation when processing a COM object Graph in Microsoft Office and Microsoft Office Web Apps. This can be exploited by an...
The vulnerability of the integration component of the Magento Commerce software development and management platform relates to the lack of protection against cross-site request forgery attacks. This allows attackers to perform unauthorized changes to user metadata.
The vulnerability of the integration component of the Magento Commerce software platform for online store development and management is related to the lack of protection against cross-site request forgery attacks. Exploiting this vulnerability allows a malicious actor to perform unauthorized...
Microsoft Office Graph Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...
McAfee ATR Thinks in Graphs | McAfee Blogs
ARCHIVED STORY McAfee ATR Thinks in Graphs By Valentine Mairet · MAR 08, 2021 · 19 MIN READ 0. Introduction John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in...
jenkins: Excessive memory allocation in graph URLs leads to denial of service
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier do not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...
Cross-Site Scripting (XSS)
Overview apexcharts is a modern JavaScript charting library to build interactive charts and visualizations with a simple API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. Recommendation Upgrade to version 3.24.0 or...
The vulnerability of the Apache Struts software platform arises from incorrect processing of Object Graph Navigation Language expressions, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Struts software framework exists due to incorrect processing of expressions written in the Object Graph Navigation Language OGNL. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-23327
The package apexcharts before 3.24.0 is vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields...
OpenCSPM - Open Cloud Security Posture Management Engine
Open Cloud Security Posture Management, OpenCSPM, is an open-source platform for gaining deeper insight into your cloud configuration and metadata to help understand and reduce risk over time. Who is OpenCSPM for? Security teams running infrastructure in cloud environments looking to gain...
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWin...
Denial Of Service (DoS)
jenkins is vulnerable to denial of service DoS. The vulnerability exists as it does not limit sizes provided as query parameters to graph-rendering URLs...
CVE-2021-21607
The CVE-2021-21607 issue affects Jenkins 2.274 and earlier, and Jenkins LTS 2.263.1 and earlier, where graph rendering URLs do not cap the maximum graph size. This can allow crafted or user-requested URLs to exhaust memory, potentially causing Jenkins to experience out-of-memory errors (DoS). A f...
PT-2021-14650 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue allows attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors. This is due to...
[SECURITY] Fedora 33 Update: grafana-7.3.6-1.fc33
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...