Mysterious Silver Sparrow Malware Found Nesting on 30K Macs
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware dubbed Silver Sparrow has been executing on...
xterm security update
253-1.0.1 - fix xutf8.h to work with up-to-date Xlib - fix crash in combining character support CVE-2021-27135 orabug 32496959...
CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DataQuant for Workstation (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DataQuant for Workstation. Vulnerability Details CVEID: CVE-2015-4000 The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey...
SUSE-SU-2021:0435-1 Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues: Security issues fixed: - CVE-2020-15257: Fixed a privilege escalation in containerd bsc1178969. - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespac...
[SECURITY] Fedora 32 Update: python27-2.7.18-8.fc32
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...
Ubuntu 20.10 : SQLite vulnerability (USN-4732-1)
The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4732-1 advisory. SQLite could be made to crash or run programs if it processed a specially crafted query. Tenable has extracted the preceding description block directly from the Ubunt...
CVE-2021-25835
Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...
PT-2021-16810 · Cosmos Network · Ethermint
Name of the Vulnerable Software and Affected Versions: Cosmos Network Ethermint versions = v0.4.0 Description: The issue is related to a cross-chain transaction replay vulnerability in the EVM module. This vulnerability is caused by the use of the same chainID and signature schemes with Ethereum...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.5.30 bug fix update
Red Hat OpenShift Container Platform release 4.5.30 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
Madshi MadCodeHook Security Breach
Madshi MadCodeHook is a code base organized by Madshi to handle code compatibility between 32-bit and 64-bit Windows 2000 to Windows 10 systems. A security vulnerability exists in Madshi MadCodeHook before 2020-07-16 that allows a local attacker to elevate their privileges on the system...
Security Bulletin: A vulnerability in IBM Java affects IBM Decision Optimization Center (CVE-2020-14779)
Summary There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
The vulnerability of the software package for creating the CX-Position position control system, the software package for describing procedures for serial data exchange between standard CX-Protocol devices, and the device compatibility system between Omron CX-Servers included in the Omron CX-One software suite, allows a hacker to execute arbitrary code.
The vulnerabilities of the software package for creating the CX-Position position control system, the software package for describing procedures for serial data exchange between standard CX-Protocol devices, and the device compatibility system between Omron CX-Servers included in the Omron CX-One...
openSUSE Security Update : stunnel (openSUSE-2021-160)
This update for stunnel fixes the following issues : Security issue fixed : - The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed : - Fix startup problem of the stunnel daemon bsc1178533 - update to 5.57 : - Security bugfixes - New features...
openSUSE Security Update : python3 (openSUSE-2020-2333)
This update for python3 fixes the following issues : - Fixed CVE-2020-27619 bsc1178009, where Lib/test/multibytecodecsupport calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 an...
SUSE-SU-2021:0194-1 Security update for stunnel
This update for stunnel fixes the following issues: Security issue fixed: - The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed: - Fix startup problem of the stunnel daemon bsc1178533 - update to 5.57: Security bugfixes New features - New...
SUSE-SU-2021:0048-1 Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass html...
Available driver versions for XenServer and Citrix Hypervisor
Latest driver disk updates for XenServer and Citrix Hypervisor We work with partner organizations to ensure that drivers are available to enable new hardware and resolve critical issues. We regularly deliver updated versions of these drivers when partner organizations provide them to us. For Citr...
SUSE-SU-2021:0040-1 Security update for tomcat
This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up bsc1177582. - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602. Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from...
DEBIAN-CVE-2020-36182
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS...