
4530 matches found

Microsoft KB
added 2018/07/10 7:0 a.m., 68 views

July 18, 2018—KB4338821 (Preview of Monthly Rollup)

July 18, 2018—KB4338821 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4338818 released July 10, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...

CVSS 8.5, AI score 7.4, EPSS 0.70028
Exploits: 6

Microsoft KB
added 2018/07/10 7:0 a.m., 54 views

July 18, 2018—KB4338816 (Preview of Monthly Rollup)

July 18, 2018—KB4338816 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4338830 released July 10, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses...

CVSS 8.5, AI score 7.7, EPSS 0.17982
Exploits: 0

Microsoft KB
added 2018/07/10 7:0 a.m., 89 views

July 10, 2018—KB4338819 (OS Build 17134.165)

July 10, 2018—KB4338819 OS Build 17134.165 Note This release also contains updates for Microsoft HoloLens OS Build 17134.165 released July 10, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes...

CVSS 9.3, AI score 7.2, EPSS 0.71043
Exploits: 9

Microsoft KB
added 2018/07/10 7:0 a.m., 61 views

July 10, 2018—KB4338825 (OS Build 16299.547)

July 10, 2018—KB4338825 OS Build 16299.547 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that, in some cases, causes the wrong IME mode to be chosen on an IME-active...

CVSS 9.3, AI score 7.1, EPSS 0.71043
Exploits: 9

Microsoft KB
added 2018/07/10 7:0 a.m., 88 views

July 10, 2018—KB4338830 (Monthly Rollup)

July 10, 2018—KB4338830 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4284852 released June 21, 2018 and addresses the following issues: Provides protections from an additional subclass of speculative execution side-channel...

CVSS 8.5, AI score 7.4, EPSS 0.60631
Exploits: 2

Microsoft KB
added 2018/07/10 7:0 a.m., 66 views

July 10, 2018—KB4338829 (OS Build 10240.17914)

July 10, 2018—KB4338829 OS Build 10240.17914 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections for an additional vulnerability involving side-channel speculative executi...

CVSS 9.3, AI score 7, EPSS 0.70028
Exploits: 6

Qualys Blog
added 2018/06/22 6:33 p.m., 65 views

Qualys Cloud Platform (VM, SCA, PC) 8.14 New Features

This new release of the Qualys Cloud Platform VM, SCA, PC, version 8.14, includes several new feature improvements across the apps such as Wallix AdminBastion support, EC2 scan improvements, VM reporting improvements, ESX/ESXi PC support for vCenter, PC STIG Report, and expanded technology suppor...

AI score 0.3
Exploits: 0

IBM Security Bulletins
added 2018/06/17 3:30 p.m., 28 views

Security Bulletin: A security vulnerability has been identified in IBM Tivoli Storage Manager that affects multiple IBM Tivoli Storage products (CVE-2016-0371)

Summary The IBM Tivoli Storage Manager Client/API is used as a component of IBM Tivoli Storage FlashCopy Manager for Windows, IBM Tivoli Storage Manager HSM for Windows, IBM Tivoli Storage Manager for Databases, IBM Tivoli Storage Manager for Mail, and IBM Tivoli Storage Manager for Virtual...

CVSS 5.5, AI score 1.8, EPSS 0.00343
Exploits: 0, Affected Software: 5

IBM Security Bulletins
added 2018/06/17 3:26 p.m., 23 views

Security Bulletin: SQL Server Password Disclosure via IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server and IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server (CVE-2016-3059)

Summary When using IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server or IBM Tivoli Storage FlashCopy Manager for Microsoft SQL Server, the Microsoft SQL Server's user ID and password is presented in plain text via task completion status details available within th...

CVSS 6.2, AI score 6.6, EPSS 0.0037
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 3:23 p.m., 14 views

Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (CVE-2016-2542)

Summary InstallShield generates installation executables which are vulnerable to a DLL-planting that affects IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server IBM Spectrum Protect for Databases on Windows platforms. Vulnerability Details CVEID: CVE-2016-2542...

CVSS 7.8, AI score 0.8, EPSS 0.00503
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:12 p.m., 16 views

Security Bulletin: Additional Password Disclosure via application tracing in FlashCopy Manager on Windows, Data Protection for Exchange, and Data Protection for SQL CVE-2015-7404

Summary The Tivoli Storage Manager TSM password is displayed in plain text via application trace output when the "Change TSM Password" changetsmpassword command is used and application tracing is enabled. Vulnerability Details CVEID: CVE-2015-7404 DESCRIPTION: When using one of the following...

CVSS 1.9, AI score 0.1, EPSS 0.00401
Exploits: 0, Affected Software: 3

Positive Technologies
added 2018/06/17 12:0 a.m., 4 views

PT-2018-3902 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.11 and prior Description: The issue is related to insufficient access control in the MySQL Server component, specifically in the Shell: Core / Client subcomponent. This allows an attacker with low privileges and logo...

CVSS 2.8, AI score 4.3, EPSS 0.00425
Exploits: 0, References: 8

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 30 views

Security Bulletin: A security vulnerability has been identified in Microsoft SQL Server Express shipped with IBM Robotic Process Automation with Automation Anywhere CVE-2014-3566

Summary Microsoft SQL Server Express 2014 is shipped with IBM Robotic Process Automation with Automation Anywhere. Information about a security vulnerability affecting Microsoft SQL Server Express 2014 has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

CVSS 4.3, AI score 0.5, EPSS 0.99999
Exploits: 6, Affected Software: 1

Microsoft Secure
added 2018/06/05 4:0 p.m., 108 views

Virtualization-based security (VBS) memory enclaves: Data protection through isolation

The escalating sophistication of cyberattacks is marked by the increased use of kernel-level exploits that attempt to run malware with the highest privileges and evade security solutions and software sandboxes. Kernel exploits famously gave the WannaCry and Petya ransomware remote code execution...

AI score 0.2
Exploits: 0

NVD
added 2018/05/31 8:29 p.m., 29 views

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

CVSS 9.8, AI score 9.6, EPSS 0.01913
Exploits: 0, References: 2

NVD
added 2018/05/31 8:29 p.m., 34 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 9.8, AI score 9.7, EPSS 0.01285
Exploits: 0, References: 2

OSV
added 2018/05/31 8:29 p.m., 15 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 9.8, AI score 10
Exploits: 0, References: 2

Prion
added 2018/05/31 8:29 p.m., 13 views

Code injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

CVSS 7.5, AI score 7.6, EPSS 0.01913
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/05/31 8:29 p.m., 11 views

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

CVSS 7.5, AI score 8.1, EPSS 0.01285
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/05/31 8:0 p.m., 20 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

AI score 9.6, EPSS 0.01913
Exploits: 0, References: 2