#vulnerability

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in

In the ever-evolving world of financial services, staying compliant, secure and efficient is paramount. Financial institutions are under constant pressure to manage risks, adhere to regulatory requirements and ensure operational consistency. With the advent of new technologies, the complexity of managing these requirements has increased, making traditional manual processes inadequate. This is where the future of automation--automated policy as code--comes into play, offering a transformative approach to complement your governance, risk management and compliance (GRC) procedures.What is automat

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop. Many thanks to Andrew Gallagher for disclosing the issue to us. ## Impact Any software directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate. ## Details The `RawCertParser` does not advance the input stream when encountering unsupported cert (primary key) versions, resulting in an infinite loop. The fix introduces a new raw-cert-specific `cert::raw::Error::UnuspportedCert`. ## Affected software - sequoia-openpgp 1.13.0 - sequoia-openpgp 1.14.0 - sequoia-openpgp 1.15.0 - sequoia-openpgp 1.16.0 - sequoia-openpgp 1.17.0 - sequoia-openpgp 1.18.0 - sequoia-openpgp 1.19.0 - sequoia-openpgp 1.20.0 - Any software built against a vulnerable version of sequoia-openpgp which is directly or i...

The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year.

Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters. This can result in accidental exposure of secrets through the default system log. Structs Plugin 338.v848422169819 inspects the types of actual parameters before logging these warning messages, and limits detailed diagnostic information to FINE level log messages if secrets are involved. These log messages are not displayed in the default Jenkins system log.

When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system. These credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials). Plain Credentials Plugin 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.