3670 matches found
Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection
Threat actors are using Android Package APK files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on t...
SAP Host Agent Information Disclosure Vulnerability (CNVD-2023-65176)
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authenticatio...
kernel security and bug fix update
3.10.0-1160.95.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.95.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 2481767...
Update 22.4 for Microsoft Dynamics 365 Business Central 2023 Release Wave 1 (Application Build 22.4.59535, Platform Build 22.0.59520)
Memory Integrity System Readiness Scan Tool Defense in Depth Update
The Memory Integrity System Readiness Scan Tool hvciscanamd64.exe and hvciscanarm64.exe is used to check for compatibility issues with memory integrity, also known as hypervisor-protected code integrity HVCI. The original version was published without a RSRC section, which contains resource...
CVE-2023-36926
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no...
PT-2023-4215 · Sap · Sap Host Agent
Name of the Vulnerable Software and Affected Versions: SAP Host Agent version 7.22 Description: The issue is related to a missing authentication check in the SAP Host Agent, allowing an unauthenticated attacker to set an undocumented parameter to a particular compatibility value. This enables the...
SAP Host Agent Authorization Issue Vulnerability
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authenticatio...
SUSE-SU-2023:3142-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security fixes: CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler bsc1211741 - Bug fixes: Prevent pygit2.GitError: error loading knownhosts when $HOME is not set bsc1210994 Fix ModuleNotFoundError and other issues raised...
SUSE-SU-2023:3137-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - CVE-2023-28370: Tornado: Fix an open redirect issue in the static file handler bsc1211741 - Prevent pygit2.GitError: error loading knownhosts when $HOME is not set bsc1210994 - Fix ModuleNotFoundError and other issues raised by...
SUSE-SU-2023:3128-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security fixes: CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler bsc1211741 - Bug fixes: Prevent pygit2.GitError: error loading knownhosts when $HOME is not set bsc1210994 Fix ModuleNotFoundError and other issues raised...
Default Account fallback lack payable
Lines of code Vulnerability details Impact fallback lack payable, will lead to differences from the mainnet, and many existing protocols may not work Proof of Concept DefaultAccount Defined as follows: DefaultAccount The implementation of the default account abstraction. This is the code that is...
Upmoutlookhook64.dll error launching a Published Desktop session
Error "C:\Program Files\Citrix\User Profile Manager\upmoutlookhook64.dll is either not designed to run on Windows or it contains an error" when launching Outlook from a Published Desktop...
Avoid using the same ERC-165 interface ID for URDs and their callers
Lines of code Vulnerability details Bug Description Contracts that implement the LSP-1 standard include INTERFACEIDLSP1 in their supportsInterface function. This means that they have a universalReceiver function that calls a Universal Receiver Delegate URD, such as LSP1UniversalReceiverDelegateUP...
Using supportsERC165InterfaceUnchecked() might break LSP functionality for certain contracts
Lines of code Vulnerability details Bug Description Throughout the codebase, the protocol uses the supportsERC165InterfaceUnchecked function from Openzeppelin's ERC165Checker.sol to check for the support of ERC-165 interface IDs. However, supportsERC165InterfaceUnchecked only checks if the call t...
Security Updates for Outlook C2R Multiple Vulnerabilities (July 2023)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - A security feature bypass vulnerability. CVE-2023-35311 - A spoofing vulnerability. CVE-2023-33151 Note that Nessus has not tested for...
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers. "Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverifie...
CVE-2023-24421
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions...