Microsoft Signed Malware That Spreads Through Gaming

Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft. Hahn noted that the co...

Virtuozzo Automator 7.0 Update 2 Hotfix 13 (VA MN: 7.0.2-674)

Hotfix 13 for Virtuozzo Automator 7.0.2 provides a stability and usability fix. Vulnerability id: PVA-37631 Virtuozzo 6 nodes could appear as offline in Virtuozzo Automator 7 due to disabled support for TLS 1.0 required by VA 6 agents. As a part of the fix, the 'sslhighsecurity' parameter was add...

SUSE-SU-2021:14753-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-wrouesnel-postgresexporter: - Add support for aarch64 mgr-cfg: - SPEC: Updated Python definitions for RHEL8 and quoted text comparisons. mgr-custom-info: - Update package version to 4.2.0 mgr-daemon: - Update translation strings - Update the...

SUSE-SU-2021:2003-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.11 bsc1186696 Security issues fixed: - CVE-2021-29964: Out of bounds-read when parsing a WMCOPYDATA message - CVE-2021-29967: Memory safety bugs fixed in Thunderbird 78.11 General improvements: - OpenPGP could n...

NFT Hub implementation deviates from ERC721 for transfer functions

Handle 0xRajeev Vulnerability details Impact ERC721 standard and implementation allows the use of approved addresses to affect transfers besides the token owners. However, the L2 NFT Hub implementation deviates from ERC721 by ignoring the presence of any approvers in the overriding function...

Unable to Add Account Using Citrix Workspace App for Mac 21.6 with Error: , “Key size is not permitted for this use in certificate"

Trying to add an account on Citrix Workspace App for Mac 21.6 on macOS 10.15, receiving the following error: Cannot add account Contact your help desk with the error description that you receive. For example, “Key size is not permitted for this use in certificate.” RFMAC-8431...

Memory corruption vulnerability in Polaris Office windows version

Polaris Office is an office suite compatible with MS Word, Excel, PowerPoint and Adobe PDF. A memory corruption vulnerability exists in Polaris Office windows version. An attacker could exploit this vulnerability to cause the program to crash...

SUSE: Security Advisory (SUSE-SU-2013:1151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0020-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3737-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2016:0010-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DataPower Gateway Appliances (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM DataPower Gateway Appliances. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...

Description of the security update for Office Online Server: June 8, 2021 (KB5001943)

Description of the security update for Office Online Server: June 8, 2021 KB5001943 Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31939. Note: To apply this security update, y...

Security update for libu2f-host (moderate)

openSUSE Security Update: Security update for libu2f-host Announcement ID: openSUSE-SU-2021:0799-1 Rating: moderate References: 1124781 1128140 1184648 ECO-3687 Cross-References: CVE-2018-20340 CVE-2019-9578 CVSS scores: CVE-2018-20340 NVD : 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...

[SECURITY] Fedora 33 Update: slapi-nis-0.56.7-1.fc33

This package provides two plugins for Red Hat and 389 Directory Server. The NIS Server plugin allows the directory server to act as a NIS server for clients, dynamically generating and updating NIS maps according to its configuration and the contents of the DIT, and serving the results to clients...

[SECURITY] Fedora 34 Update: slapi-nis-0.56.7-1.fc34

This package provides two plugins for Red Hat and 389 Directory Server. The NIS Server plugin allows the directory server to act as a NIS server for clients, dynamically generating and updating NIS maps according to its configuration and the contents of the DIT, and serving the results to clients...

SUSE-SU-2021:1755-1 Security update for libu2f-host

This update for libu2f-host fixes the following issues: This update ships the u2f-host package jscECO-3687 bsc1184648 Version 1.1.10 released 2019-05-15 - Add new devices to udev rules. - Fix a potentially uninitialized buffer CVE-2019-9578, bsc1128140 Version 1.1.9 released 2019-03-06 - Fix CID...

dovecot security and bug fix update

1:2.3.8-9 - fix CVE-2020-24386 IMAP hibernation function allows mail access 1913534 1:2.3.8-8 - fix CVE-2020-25275 denial of service via mail MIME parsing 1914019 1:2.3.8-7 - change run directory from /var/run to /run 1805947 1:2.3.8-6 - fix mail storage block count parsing 1894418 - MIME parser...

Important: Red Hat Security Advisory: slapi-nis security and bug fix update

An update for slapi-nis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...