Get deeper into security at Microsoft Ignite 2018

This year at Microsoft Ignite, we will be making some exciting announcementsfrom new capabilities for identity management and information protection to powerful artificial intelligence AI innovations that can help you stay ahead of an often overwhelming surge in threats and security alerts. Join ...

Jumpstart your Microsoft Graph Security API integration with the new JavaScript sample app

The Microsoft Graph Security API, which launched this spring, is a unified REST API for integrating data and intelligence from Microsoft products, services, and partners. Using Microsoft Graph, developers can easily build applications that consolidate and correlate security alerts from multiple...

Partnerships power the future of better security

This post is authored by Jeremy Dallman, Principal Program Manager. Our goal in building the Microsoft Graph Security API is to enable customers to share insights and take action across security solutions to improve protection and speed response. By creating a connected security ecosystem,...

Connect to the Intelligent Security Graph using a new API

Most organizations deal with high volumes of security data and have dozens of security solutions in their enterprise, making the task of integrating various products and services daunting and complex. The cost, time, and resources necessary to connect systems, enable correlation of alerts, and...

Tapping the intelligent cloud to make security better and easier

There has been a distinct shift in my conversations with customers over the last year. Most have gone from asking can we still keep our assets secure as we adopt cloud services?, to declaring, we are adopting cloud services in order to improve our security posture. The driving factor is generally...

UBUNTU-CVE-2015-4734

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS...

CVE-2015-4648

Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API PS-API ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method...

CVE-2015-4647

Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API PS-API ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the 1 FilePassword property or to the 2 GetStringInfo method...

Stack overflow

Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API PS-API ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method...

CVE-2015-4648

Panasonic Security API SDK (ipropsapivideo) contains a stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control’s MulticastAddr method. The underlying flaw is a lack of boundary checks on a long string passed to MulticastAddr, enabling remote code execution. Affected component...

CVE-2015-4647

CVE-2015-4647 concerns the Panasonic Security API SDK’s Ipropsapi ActiveX Control . Multiple stack-based buffer overflows exist in the GetStringInfo method and the FilePassword property, exploitable by supplying a very long string. This could allow a remote attacker to execute arbitrary code in t...

Panasonic Security API SDK Stack Buffer Overflow Vulnerability

The Panasonic Security API SDK is a webcam API interface development kit SDK from Panasonic Japan. A stack buffer overflow vulnerability exists in the 'GetStringInfo' method of the Panasonic Security API SDK. A remote attacker could exploit the vulnerability by setting the value of the...

postgresql: unanticipated errors from the standard library

It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail for example, memory exhaustion, an authenticated user could possibly exploit this flaw to disclose...

Panasonic Security API SDK ipropsapivideo ActiveX Control MulticastAddr Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Security API. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Panasonic Security API SDK Ipropsapi ActiveX Control GetInfoString Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of the Panasonic Security API SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in...

DEBIAN-CVE-2014-0132

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind...

CVE-2013-5960

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic...

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

elinks: Improper delegation of client credentials during GSS negotiation

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...