5103 matches found

Prion
added 2021/02/11 6:15 p.m., 13 views

Design/Logic Flaw

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the...

CVSS 4.3 | AI score 4.3 | EPSS 0.00919
Exploits 0 | References 3 | Affected Software 1

AlpineLinux
added 2021/02/11 6:15 p.m., 18 views

CVE-2021-21301

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the...

CVSS 4.3 | AI score 3.2 | EPSS 0.00919
Exploits 0

CVE
added 2021/02/11 6:5 p.m., 229 views

CVE-2021-21301

Wire for iOS prior to 3.75 contains a privacy vulnerability where video capture isn’t stopped when a user first enables the camera and then disables it, causing video to be streamed in calls and potentially exposed. All users in video calls are affected. The issue is fixed in version 3.75. Remedi...

CVSS 4.3 | AI score 4 | EPSS 0.00919
Exploits 0 | References 3 | Affected Software 1

OSV
added 2021/02/10 9:15 p.m., 4 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is...

CVSS 4.9 | AI score 5.8 | EPSS 0.00511
Exploits 0 | References 1

Cvelist
added 2021/02/10 9:5 p.m., 36 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is...

CVSS 4.9 | AI score 5.2 | EPSS 0.00511
Exploits 0 | References 1

Cvelist
added 2021/02/09 2:50 p.m., 25 views

CVE-2020-4996

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913...

CVSS 6.5 | AI score 5.2 | EPSS 0.00368
Exploits 0 | References 2

CNNVD
added 2021/02/09 12:0 a.m., 6 views

Lenovo Lenovo XClarity Administrator Information Disclosure Vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. An information disclosure vulnerability exists in Lenovo XClarity Administrator, which stems fr...

CVSS 4.9 | AI score 5.8 | EPSS 0.00511
Exploits 0 | References 2

NVD
added 2021/02/08 11:15 p.m., 17 views

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

CVSS 5.5 | EPSS 0.0055
Exploits 1 | References 4

OSV
added 2021/02/08 11:15 p.m., 6 views

CVE-2021-26917

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported awa...

CVSS 5.5 | AI score 6.5
Exploits 0 | References 4

The Hacker News
added 2021/02/08 11:23 a.m., 4 views

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...

AI score 5.9
Exploits 0

ATTACKERKB
added 2021/02/08 12:0 a.m., 3 views

CVE-2020-4996

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913...

CVSS 6.5 | AI score 6 | EPSS 0.00368
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2021/02/08 12:0 a.m., 35 views

Fedora 32 : 1:wireshark (2021-138674557c)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-138674557c advisory. - Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture fil...

CVSS 5.3 | AI score 6.1 | EPSS 0.02965
Exploits 4 | References 5

Tenable Nessus
added 2021/02/08 12:0 a.m., 29 views

Fedora 33 : 1:wireshark (2021-f3011da665)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-f3011da665 advisory. - Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture fil...

CVSS 5.3 | AI score 6.1 | EPSS 0.02965
Exploits 4 | References 5

Fedora
added 2021/02/07 1:34 a.m., 90 views

[SECURITY] Fedora 33 Update: wireshark-3.4.2-1.fc33

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

CVSS 5.3 | AI score 5.2 | EPSS 0.02965
Exploits 4

Citrix
added 2021/02/03 12:0 a.m., 14 views

How to Enable the Dedicated Dump File Feature in Provisioning Services 6.x

This article describes how to enable the Dedicated Dump File feature in Provisioning Services 6.x. Note: The dedicateddumpfile.sys is essentially a mirror of pagefile.sys that is required to capture a dump on a drive other than the system partition...

AI score 6.9
Exploits 0

ThreatPost
added 2021/02/01 9:18 p.m., 120 views

Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Advanced persistent threat (APT) group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom “Caterpillar” webshell and the “Explosive RAT” remote access trojan (RAT), both of which...

CVSS 10 | AI score 10 | EPSS 0.99913
Exploits 33 | References 6

RedhatCVE
added 2021/02/01 4:11 a.m., 27 views

CVE-2021-22174

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and...

CVSS 7.5 | AI score 2.2 | EPSS 0.02747
Exploits 1 | References 4

CNNVD
added 2021/02/01 12:0 a.m., 8 views

Wireshark Resource Management Error Vulnerability

Wireshark is a network packet analyzer that captures network packets and displays the most detailed packet information possible. Wireshark uses WinPCAP as an interface to exchange data packets directly with the network card. Wireshark has a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.02747
Exploits 1 | References 13

Gitee
added 2021/01/21 12:31 a.m., 4 views

CTF-All-In-One

This is a comprehensive book on CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...

AI score 7.7
Exploits 0

OSV
added 2021/01/10 7:46 p.m., 3 views

MGASA-2021-0016 Updated xrdp packages fix security vulnerability

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credential...

CVSS 7.8 | AI score 7.5 | EPSS 0.02404
Exploits 0 | References 4