10 matches found
Allocation of Resources Without Limits or Throttling
Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebDAV LOCK and PROPFIND XML request bodies. An attacker can cause excessive resource consumption by...
(0Day) Microsoft Windows library-ms NTLM Response Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must view a folder containing malicious content. The specific flaw exists within the...
Cloud Atlas seen using a new tool in its attacks
Introduction: Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We're shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formul...
CVE-2022-37398
A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below...
ASUSTOR Data Master Buffer Error Vulnerability
ASUSTOR Data Master is a proprietary operating system for ASUSTOR NAS from Taiwan's ASUSTOR, featuring a tablet-like graphical interface with a zero learning curve, making it easy to get started right out of the box. A security vulnerability exists in ASUSTOR Data Master versions 3.5.9.RUE3 and...
July 12, 2022—KB5015862 (Security-only update)
Summary: Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT: Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of...
July 12, 2022—KB5015861 (Monthly Rollup)
Summary: Learn more about this cumulative security update, including improvements, any known issues, and how to get the update. IMPORTANT: Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end of...
July 12, 2022—KB5015877 (Security-only update)
Summary: Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDER: Windows 8.1 will reach end of support on January 10, 2023, at which point technical assistance and software updates will n...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)
Summary: The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details: CVEID: CVE-2015-4000. DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...
Update Protection against Microsoft Windows Web Client Service Vulnerability (MS06-008)
A vulnerability was detected in Microsoft Windows Web Client service. The Web Client Service allows applications to access documents on the Internet by using the WebDAV protocol. WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remot...