USN-4729-1 openvswitch vulnerability

Joakim Hindersson discovered that Open vSwitch incorrectly parsed certain network packets. A remote attacker could use this issue to cause a denial of service, or possibly alter packet classification...

Automating and operationalizing data protection with Dataguise and Microsoft Information Protection

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each...

Automating and operationalizing data protection with Dataguise and Microsoft Information Protection

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In technical literature, the terms data discovery, classification, and tagging are sometimes used interchangeably, but there are real differences in what they actually mean—and each...

Manage, govern, and get more value out of your data with Azure Purview

Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. In fact, IDC has predicted that global data will grow to more than 175 zettabytes by 2025. To put that into context, that’s 175 trillion 1GB USB drives. At the same time...

Manage, govern, and get more value out of your data with Azure Purview

Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. In fact, IDC has predicted that global data will grow to more than 175 zettabytes by 2025. To put that into context, that’s 175 trillion 1GB USB drives. At the same time...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification

Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2019. Vulnerability Details CVEID: CVE-2019-10241...

Security Bulletin: Eclipse Jetty (Publicly disclosed vulnerability) affects Content Classifaction

Summary Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creation of the temporary subdirectory. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Content Classification

Summary There is vulnerability in IBM® SDK Java Technology Edition, Version 6 and IBM® Runtime Environment Java Version 7 used by IBM Content Classification. These issues were disclosed as part of the IBM Java SDK updates in Jul 2020. Vulnerability Details CVEID: CVE-2020-14621 DESCRIPTION: An...

Security Bulletin: IBM Content Classification is affected by a Eclipse Jetty (Publicly disclosed vulnerability)

Summary In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output. Vulnerability Details CVEID:...

kernel: use-after-free in route4_change() in net/sched/cls_route.c

A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. T...

SQL Injection

pimcore is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements on the database via the data classification functionality in ClassificationstoreController, due to inadequate validation of relationIds parameter...

CVE-2020-7759

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...

CVE-2020-7759

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...

Sql injection

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...

CVE-2020-7759 SQL Injection

The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...

SQL Injection

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the...

Android Security Bulletin—October 2020Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2020-15196 via tensorflow-gpu (>=1.10.1 <=2.3.0)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-311...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-15209 via tensorflow-gpu (>=1.10.1 <=1.15.3)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-15209 Source advisory: OSV:PYSEC-2020-324...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-15202 via tensorflow-gpu (>=1.10.1 <=1.15.3)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-15202 Source advisory: OSV:GHSA-H6FG-MJXG-HQQ4...