53 matches found
gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
CVE-2026-42014
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
EUVD-2026-37029
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
CVE-2026-42014 Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...
CVE-2026-42014
GnuTLS vulnerability CVE-2026-42014 fixes a use-after-free in gnutls_pkcs11_token_set_pin when changing the Security Officer PIN with a NULL old PIN on tokens lacking a protected authentication path. The connected advisories (SUSE SUSE-SU-2026:2115-1, OSV entries, and Red Hat Oracle/Rocky advisor...
8 best practices for CISOs conducting risk reviews
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
The U.S. Securities and Exchange Commission SEC has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack. In a joint motion filed November 20, 2025,...
New IDC research highlights a major cloud security shift
Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year...
How CISOs Should Plan Security Budgets for 2026
Build a defensible 2026 security budget with data, not guesswork. We share practical tips, ROI levers, and fresh insights from our survey of 300+ CISOs and security leaders...
EUVD-2025-23283
Malicious code in bioql PyPI...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an...
CVE-2025-29556
ExaGrid EX10 vulnerable to Incorrect Access Control (CVE-2025-29556) in versions 6.3–7.0.1.P08. A flaw in the account creation flow allows an Admin to bypass restrictions via API request manipulation, enabling creation of Security Officer accounts without prior approval. Attack scenario: an Admin...
Exploit for CVE-2025-29556
CVE-2025-29556 – ExaGrid Security Officer Account Creation Byp...
PT-2025-31459 · Exagrid · Exagrid Ex10
Name of the Vulnerable Software and Affected Versions: ExaGrid EX10 versions 6.3 through 7.0.1.P08 Description: ExaGrid EX10 versions 6.3 through 7.0.1.P08 are susceptible to an incorrect access control issue. Starting with version 6.3, ExaGrid implemented restrictions to prevent users with the...
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2
Microsoft launched its Cybersecurity Governance Council in 2024, and with it, named a group of deputy chief information security officers that ensure comprehensive oversight of the company’s cybersecurity risk, defense, and compliance. These leaders work in tandem with product and engineering...
CISO: funciones y responsabilidades laborales 🛡️
Significado de CISO En el ámbito corporativo, CISO es un acrónimo ampliamente reconocido que denota a "Chief Information Security Officer", que se puede interpretar en español como el Encargado Principal de Salvaguardar la Información. Este encargo representa una posición esencial en el organigra...