275 matches found
PT-2023-25839 · Synel · Synel Terminals
Name of the Vulnerable Software and Affected Versions: Synel Terminals (affected versions not specified). Description: The issue is related to the download of code without an integrity check, which is classified as CWE-494. This problem can potentially allow malicious code to be executed on the...
Genians Genian NAC Security Vulnerability
Genians Genian NAC is a network security and access control software from Genians Korea. It helps organizations identify IP-enabled devices, manage vulnerabilities, and check device configurations to protect network access environments. A security vulnerability exists in Genians Genian NAC and...
PT-2023-27349 · Genians · Genian Nac Suite +2
Name of the Vulnerable Software and Affected Versions: Genians Genian NAC versions 4.0.0 through 4.0.155; Genians Genian NAC versions 5.0.0 through 5.0.42; Genians Genian NAC Suite versions 5.0.0 through 5.0.54; Genians Genian ZTNA versions 6.0.0 through 6.0.15. Description: The issue is related to a...
Memory Integrity System Readiness Scan Tool Defense in Depth Update
The Memory Integrity System Readiness Scan Tool (hvciscanamd64.exe and hvciscanarm64.exe) is used to check for compatibility issues with memory integrity, also known as hypervisor-protected code integrity (HVCI). The original version was published without a RSRC section, which contains resource...
Guidance on Microsoft Signed Drivers Being Used Maliciously
Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the...
Blank Windows Display when Open Citrix Workspace APP
When opening Citrix Workspace App, it displays a blank window. The user cannot input the store's URL or a username and password to log in. However, the ICA session can be launched through a browser. It shows msedgewebview2.exe crashed because tsafedoc64.dll does not meet the Microsoft signing level requirement in Event...
Exploit for Download of Code Without Integrity Check in Dlink Dnr-322L_Firmware
CVE-2022-40799 Title: D-Link DNR-322L - Authenticated Remote...
July 21, 2022—KB5015880 (OS Build 17763.3232) Preview
July 21, 2022—KB5015880 (OS Build 17763.3232) Preview 7/12/22 After September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update...
July 19, 2022—KB5015879 (OS Build 20348.859) Preview
July 19, 2022—KB5015879 (OS Build 20348.859) Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...
CVE-2022-28944
CVE-2022-28944 affects multiple EMCO Software products (e.g., MSI Package Builder for Windows 9.1.4; Remote Installer 6.0.13; Ping Monitor 8.0.18; Remote Shutdown 7.2.2; WakeOnLan 2.0.8; Network Inventory 5.8.22; Network Software Scanner 2.0.8; UnLock IT 6.1.1) via the Updater component. The flaw...
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...
Trojan Source CVE-2021-42572: No Panic Necessary
What is this thing? Researchers at the University of Cambridge and the University of Edinburgh recently published a paper on an attack technique they call “Trojan Source.” The attack targets a weakness in text-encoding standard Unicode—which allows computers to handle text across many different...
October 26, 2021—KB5006745 (OS Build 20348.320) Preview
October 26, 2021—KB5006745 (OS Build 20348.320) Preview Improvements and fixes This non-security update includes quality improvements. Key changes include: Addresses a regression that might cause stop error 0x38 on some machine configurations that use non-ASCII text in the registry. Addresses an...
October 19, 2021—KB5006744 (OS Build 17763.2268) Preview
October 19, 2021—KB5006744 (OS Build 17763.2268) Preview 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page. Highlights Adds...
Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution
I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials,...
August 26, 2021—KB5005102 (OS Build 17763.2145) Preview
August 26, 2021—KB5005102 (OS Build 17763.2145) Preview 6/15/21 IMPORTANT This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the Update on Adobe Flash Player End of Support. 11/17/20 For information about Windows...
Two Google plans that could make open source code more secure
Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory secure than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it...
Design/Logic Flaw
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022...
CVE-2020-7337
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...