Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Two Vulnerabilities Found in Microsoft Azure Infrastructure
Newest First  |  Oldest First  |  Threaded View
techilife99
50%
50%
techilife99,
User Rank: Apprentice
2/6/2020 | 5:37:00 AM
Re: More worried about *1372
USB Bootable Software: To install the operating system (OS) or to create a rescue disc, there was no other option than to burn the OS into a CD/DVD. Though it is not a difficult CD/DVD method is thick. Also, it is not so user-friendly and majority laptops are on their way to bury the CD/DVD writer. Thankfully, now we can use USB flash drives but to make it bootable you would need a Bootable Software.

 

bootable usb soft
dendavis15012
50%
50%
dendavis15012,
User Rank: Apprentice
1/31/2020 | 10:59:51 AM
Re: More worried about *1372
These vulnerabilities should be addressed as soon as possible. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/30/2020 | 9:17:45 PM
More worried about *1372
I'd be more worried about CVE-*-1372. The other one being a server side exploit, even though Azure may be internet exposed, has a smaller attack surface then 1372 which is app tier based.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10751
PUBLISHED: 2020-05-26
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages wit...
CVE-2020-13487
PUBLISHED: 2020-05-26
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
CVE-2020-3811
PUBLISHED: 2020-05-26
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
CVE-2020-3812
PUBLISHED: 2020-05-26
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without ...
CVE-2020-13485
PUBLISHED: 2020-05-25
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.