3377 matches found

CVE
added 2020/03/16 1:0 p.m. · 46 views

CVE-2020-9519

The CVE-2020-9519 entry concerns Micro Focus Service Manager (server) with an exposure of configuration data. Affected versions are 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, and 9.63. The documents indicate the issue arises from handling HTTP methods in web services, enabling partial confid...

5.3 CVSS · 5.2 AI score · 0.00862 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/03/16 1:0 p.m. · 41 views

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 AI score · 0.00862 EPSS
Exploits: 0 · References: 1

Microsoft KB
added 2020/03/11 12:0 a.m. · 54 views

Servicing stack update for Windows 10, version 1903 and 1909: March 10, 2020

Servicing stack update for Windows 10, version 1903 and 1909: March 10, 2020 Summary This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates SSU makes sure that you have a robust and reliable servicing stack so...

6.6 AI score
Exploits: 0

Microsoft KB
added 2020/03/10 7:0 a.m. · 69 views

End of support for Office 2010

End of support for Office 2010 Support for Office 2010 ended on October 13, 2020 and there will be no extension and no extended security updates. Buy or try Microsoft 365 Tip: Not sure what version of Office you have? See Find details for other versions of Office to help you determine what version...

9.3 CVSS · 7 AI score · 0.11548 EPSS
Exploits: 0

Microsoft KB
added 2020/03/10 7:0 a.m. · 120 views

Description of the security update for Office Online Server: March 10, 2020

Description of the security update for Office Online Server: March 10, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Word software if the program does not correctly handle objects in memory. To learn more about the vulnerability, see the...

9.3 CVSS · 8.6 AI score · 0.11599 EPSS
Exploits: 0

OPENSUSE Linux
added 2020/03/07 12:0 a.m. · 132 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2020:0308-1 Rating: important References: 1165303 Cross-References: CVE-2020-6802 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

6.1 CVSS · 6.9 AI score · 0.01688 EPSS
Exploits: 1 · References: 1

RedHat Linux
added 2020/03/05 12:53 p.m. · 1 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS · 5.7 AI score · 0.03089 EPSS
Exploits: 0 · References: 4

Veracode
added 2020/03/03 3:17 a.m. · 24 views

Authorization Bypass

smallrye-config is vulnerable to authorization bypass. The vulnerability exists as it improperly restricts the access to utility methods wrapping doPrivileged calls...

4.4 CVSS · 4.1 AI score · 0.00269 EPSS
Exploits: 0 · References: 3 · Affected Software: 82

Filippo.io
added 2020/02/27 11:0 p.m. · 11 views

New Crypto in Go 1.14

Go 1.14 is out and with it come a few nice updates to crypto/tls! Will this certificate work? Certificate selection in TLS1 is a mess. I was going to try and describe it here to make the point, but I kept getting it wrong and it was even too messy for something just meant to make the point that i...

6.8 AI score
Exploits: 0

RedHat Linux
added 2020/02/25 12:14 p.m. · 4 views

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

9.1 CVSS · 7.3 AI score · 0.10098 EPSS
Exploits: 0 · References: 5

Information Security Automation
added 2020/02/24 12:14 a.m. · 56 views

Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems

I recently read Forrester's 20-page report "The Total Economic Impact Of Rapid7 InsightVM". It is about the Cost Savings And Business Benefits that Vulnerability Management solution can bring to the organizations. In short, I didn't like everything related to money. It seems like juggling with...

0.3 AI score
Exploits: 0

Microsoft Secure
added 2020/02/20 2:0 p.m. · 48 views

Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals

Cybercrime is as much a people problem as it is a technology problem. To respond effectively, the defender community must harness machine learning to complement the strengths of people. This is the philosophy that undergirds Azure Sentinel. Azure Sentinel is a cloud-native SIEM that exploits...

7.1 AI score
Exploits: 0

NVD
added 2020/02/18 3:15 a.m. · 12 views

CVE-2020-1843

Huawei HEGE-560 version 1.0.1.20SP2, OSCA-550 version 1.0.0.71SP1, OSCA-550A version 1.0.0.71SP1, OSCA-550AX version 1.0.0.71SP2, and OSCA-550X version 1.0.0.71SP2 have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physica...

6.8 CVSS · 6.4 AI score · 0.00227 EPSS
Exploits: 0 · References: 1

OSV
added 2020/02/12 3:15 p.m. · 22 views

CVE-2020-2118

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3 CVSS · 6.4 AI score
Exploits: 0 · References: 2

OSV
added 2020/02/12 3:15 p.m. · 5 views

CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

8.8 CVSS · 5.4 AI score
Exploits: 0 · References: 2

NVD
added 2020/02/12 3:15 p.m. · 40 views

CVE-2020-2109

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

8.8 CVSS · 8.7 AI score · 0.01257 EPSS
Exploits: 0 · References: 2

Cvelist
added 2020/02/12 2:35 p.m. · 26 views

CVE-2020-2118

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.5 AI score · 0.00678 EPSS
Exploits: 0 · References: 2

CVE
added 2020/02/12 2:35 p.m. · 140 views

CVE-2020-2109

CVE-2020-2109 is corroborated by the GHSA entry for Jenkins Pipeline: Groovy Plugin. The vulnerability concerns sandbox protection bypass via default parameter expressions in CPS-transformed methods, affecting Jenkins Pipeline: Groovy Plugin versions 2.78 and earlier. The connected documents iden...

8.8 CVSS · 8.5 AI score · 0.01257 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/02/12 12:0 a.m. · 3 views

PT-2020-15316 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2.78 and earlier Description: The issue concerns the Jenkins Pipeline: Groovy Plugin, where sandbox protection can be circumvented. This is possible through default parameter expressions in...

8.8 CVSS · 8.5 AI score · 0.01257 EPSS
Exploits: 0 · References: 6

OPENSUSE Linux
added 2020/02/12 12:0 a.m. · 55 views

Security update for rubygem-rack (moderate)

openSUSE Security Update: Security update for rubygem-rack Announcement ID: openSUSE-SU-2020:0214-1 Rating: moderate References: 1114828 1116600 1159548 Cross-References: CVE-2018-16471 CVE-2019-16782 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one erra...

6.3 CVSS · 6.8 AI score · 0.03687 EPSS
Exploits: 0 · References: 3