RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
## Description
This is Samba's response to Microsoft's CVE-2022-38023[1][2].
Following RFC8429 and as has been published for CVE-2022-3938, rc4-hmac
(also known as arcfour-hmac-md5) cryptography in Ke ...
December 15, 2022
Description of the security update for SharePoint Enterprise Server 2016: December 13, 2022 (KB5002321)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Micr ...
December 14, 2022
Cumulative Update 67 for Microsoft Dynamics NAV 2016 (Build 52168)
## Overview
This cumulative update replaces previously released cumulative updates. You should always install the latest cumulative update. This update adds the ability to [connect Dynamics NAV 2 ...
December 14, 2022
Description of the security update for SharePoint Server Subscription Edition: December 13, 2022 (KB5002327)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Micr ...
December 14, 2022
Description of the security update for SharePoint Server 2019: December 13, 2022 (KB5002311)
## Summary
This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories:
* [Micr ...
December 14, 2022
SQL Injection
cubejs-backend/api-gateway is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the `/v1/sql-runner` endpoint allows a malicious authenticated user to inject and exe ...
December 13, 2022
(RHSA-2022:8874) Moderate: Red Hat OpenStack Platform 16.1.9 (openstack-barbican) security update
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.
Security Fix(es):
* Barbican allows authenticated users to add/modi ...
December 13, 2022
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which ...
December 13, 2022
CVE-2022-4098
Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. During an authenticated session to the WBM of the Com-Server an unauthenticated ...
December 13, 2022