SUSE-SU-2020:0495-1 Security update for ovmf
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth bsc1094291. - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation bsc1163959. -...
DLLPasswordFilterImplant - DLL Password Filter Implant With Exfiltration Capabilities
DLLPasswordFilterImplant is a custom password filter DLL that allows the capture of a user's credentials. Each password change event on a domain will trigger the registered DLL in order to exfiltrate the username and new password value prior to successfully changing it in Active Directory (AD). Fo...
Citrix Gateway Native OTP not working with Citrix IOS Workspace Client
1. Native OTP configuration done as per https://docs.citrix.com/en-us/netscaler-gateway/12/native-otp-support.html 2. Android / Windows Workspace Clients and Browser work able to authenticate, enumerate and launch APPs 3. IOS Workspace Client is unable to authenticate, if user enters the...
License compatibility and merge rules for Veeam Availability Suite v10/v11
The following describes general licensing, compatibility and merge rules for end users/customers. It shows the monitoring and reporting capabilities of Veeam ONE licensed perpetually per socket and...
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...
openSUSE Security Update : upx (openSUSE-2020-163)
This update for upx to version 3.96 fixes the following issues : - CVE-2019-1010048: Fixed a denial of service in PackLinuxElf32::PackLinuxElf32help1 boo1141777. - CVE-2019-14296: Fixed a denial of service in canUnpack boo1143839. - CVE-2019-20021: Fixed a heap-based buffer over-read in canUnpack...
December 10, 2019—KB4530711 (OS Build 15063.2224)
December 10, 2019—KB4530711 OS Build 15063.2224 Current status of Windows 10, version 1703 Windows 10, version 1703 has reached end of service for all editions. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10 . Surface Hub...
Release notes for Veeam Backup for Microsoft 365 4b
Challenge Release Notes for Veeam Backup for Microsoft 365 4b. Please note that Veeam Backup for Microsoft 365 4c is now available and contains all the resolved issues from Veeam Backup for Microsoft 365 4b. Cause Please confirm you are running Veeam Backup for Microsoft 365 version 2.0 builds...
AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System HIDS due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...
[SECURITY] Fedora 31 Update: opensc-0.20.0-3.fc31
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...
Vulnerability in Windows Subsystem for Linux (WSL), the compatibility subsystem for running Linux applications, allows attackers to escalate their privileges.
The vulnerability in Windows Subsystem for Linux (WSL), the compatibility subsystem for running Linux applications, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges through a specially crafted application...
ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +754 more potentially affected by CVE-2020-5398 via org.springframework:spring-webmvc (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework:spring-webmvc MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =2.0.3.RELEASE, =2.0.2.RELEASE, =1.0.3.RELEASE, =3.1.0, =3.1.0, =2.0.7, =2.0.11 - ch.rasc:wamp2spring =1.0.0 - ch.rasc:wamp2spring-security =1.0.0...
Exploit for CVE-2020-2551
Twitter: @Hktalent3135773...
5G Security
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping i...
Debian DLA-2062-1 : sa-exim security update
It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the compatibility...
CVE-2019-20373
LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...
[SECURITY] [DLA 2062-1] sa-exim security update
Package : sa-exim Version : 4.2.1-14+deb8u1 CVE ID : CVE-2019-19920 Debian Bug : 946829 It was found that sa-exim, the SpamAssassin filter for Exim, allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, whic...
Fedora Update for compat-openssl10 FEDORA-2019-db06efdea1
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Citrix Virtual Desktops Licensing - Increment Lines Explained
Note: The Citrix License Administration Console has reached end of life and end of support in Citrix Licensing 11.16.3. Use the Citrix Licensing Manager. This article contains information about the increment line in Citrix Virtual Desktops Licensing. XenDesktop has been rebranded as Citrix Virtual...
Pylane - An Python VM Injector With Debug Tools, Based On GDB
Pylane is a Python VM injector with debug tools, based on gdb and ptrace. Pylane uses gdb to trace a Python process, then injects and runs code in its Python VM. Usage: use the inject command to inject a Python script into a process: pylane inject; use the shell command to inject an interactive shell: pylane...