Windows Runtime Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...
Veeam Backup for Microsoft 365 4c cumulative patch KB3222
This patch has been superseded by Veeam Backup for Microsoft 365 4c cumulative patch KB4083. Requirements: Please confirm you are running Veeam Backup for Microsoft 365 build 4.0.1.531 prior to installing this cumulative patch KB3222. You can check this under Help > About in Veeam Backup for Microso...
Veeam Service Provider Console v4 Patch 1 (build 4911)
Challenge: Veeam Service Provider Console v4 Patch 1. This patch is superseded by Patch 2. Cause: Please confirm you are running version 4.0.0.4877 before installing this Patch 1. You can check this under Windows Programs and features. After upgrading, your build will be version 4.0.0.4911. As a...
Lark Technologies: Stored xss in larksuite internal helpdesk and other user's helpdesk.
A stored XSS (cross-site scripting) vulnerability was found which an attacker could have potentially used to obtain access to the internal team's help desk and view submitted user tickets. We have resolved this issue and thank @imrannisar for reporting this to our team...
Shadowserver, an Internet Guardian, Finds a Lifeline
Ten weeks ago, Shadowserver's main source of funding dried up. Now it's back on level footing...
8x8: vidyard api auth_token exposed
The third party content provider for the domain www.8x8.com had inadvertently disclosed the API token for Vidyard. Access was resolved and the token replaced...
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view...
Design/Logic Flaw
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view...
CVE-2020-13153
Summary: CVE-2020-13153 affects MISP prior to 2.4.126, with a cross-site scripting (XSS) vulnerability in the file app/View/Events/resolved_attributes.ctp used to render the resolved attributes view. Affected software/component: MISP (the resolved attributes view) before version 2.4.126. Root cau...
Service Update 0.16 for Microsoft Dynamics 365 9.0
INTRODUCTION: Service Update 9.0.16 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.16. MORE INFORMATION: Update package| Version number ---|---...
Microsoft Dynamics 365 (on-premises) Update 2.18
Introduction: Service Update 2.18 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.18. More Information: Update package| Version number ---|--- Microsoft...
Rockstar Games: Referer Referer Header Leakage in language changer may lead to FB token theft
In this report, the researcher discovered an open redirect vulnerability that could be exploited by changing the language on the page at https://www.rockstargames.com/GTAOnline, and cause the user's full URL potentially including sensitive tokens to be included in the Referer header to the new...
JetBrains Security Bulletin Q1 2020
By Robert Demmer. In the first quarter of 2020, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity |...
Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4484299) farm-deployment
A security vulnerability exists in Microsoft SharePoint Enterprise Server 2016 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
CVE-2020-9004
A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and...
October 2016 Preview of Monthly Quality Rollup for Windows Server 2012
The October 2016 Preview of Monthly Quality Rollup includes improvements and fixes for the Windows Server 2012 platform. We recommend that you apply this quality rollup as part of your regular maintenance routines. Improvement...
Veeam Backup for Microsoft 365 4b cumulative patch KB3119
Challenge: Veeam Backup for Microsoft 365 4b cumulative patch KB3119. Please note that Veeam Backup for Microsoft 365 4c is now available and contains all the resolved issues from Veeam Backup for Microsoft 365 4b. Cause: Please confirm you are running Veeam Backup for Microsoft 365 4b build...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
Glassdoor: web.xml configuration file disclosure
Information disclosed via https://www.glassdoor.com/web.xml which has been resolved. Thanks, @stregh for your report and find. Looking forward to more reports from you. CVE-2021-34429 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N...