September 13, 2016 — KB3189866 (OS Builds 14393.187 and 14393.189)

September 13, 2016 — KB3189866 OS Builds 14393.187 and 14393.189 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Windows Shell, map apps, Internet Explorer 11, and...

Microsoft Edge - Sandbox Escape

Content process - Privileged content process firststage.js When spawning a new Edge content process, its privilege is determined by its URL. This URL check is performed by the LCIEUrlPolicy::GetPICForPrivilegedInternalPage method in eModel.dll. The method calls several another methods to check...

[SECURITY] Fedora 27 Update: visualboyadvance-m-2.1.0-2.fc27

VisualBoyAdvance-M is a Nintendo Game Boy Emulator with high compatibility with commercial games. It emulates the Nintendo Game Boy Advance hand held conso le, in addition to the original Game Boy hand held systems and its Super and Co lor variants. VBA-M is a continued development of the now...

The vulnerability of the compatibility subsystem for running Linux applications on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the compatibility subsystem for running Linux applications on Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

Debian DSA-4295-1 : thunderbird - security update

Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we're...

Errors using SecurAuth SAML to StoreFront Site

The customer is setting up a new SAML store to use SecurAuth in place of smart cards for certain MAC users due to a known compatibility of Smart Cards with MAC devices When navigating to the URL portal, we are returned with the following error after entering the PIN and being redirected to a seco...

Microsoft Office Compatibility Pack SP3 Information Disclosure Vulnerability (KB4092466)

This host is missing an important security update according to Microsoft KB4092466 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: September 11, 2018

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: September 11, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these...

Security Updates for Microsoft Office Compatibility Products (September 2018)

The Microsoft Office Compatibility Products are missing a security update. It is, therefore, affected by the following vulnerability : - An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability...

Compatibility update for upgrading to Windows 10, version 1803: September 18, 2018

Compatibility update for upgrading to Windows 10, version 1803: September 18, 2018 Summary This update makes improvements to ease the upgrade experience to Windows 10, version 1803. How to get this update This update is available through Windows Update. It will be downloaded and installed...

RHEL 6 / 7 : JBoss EAP (RHSA-2016:2642)

The jboss-ec2-eap package that adds an enhancement is now available for Red Hat JBoss Enterprise Application Platform 7.0.3 on Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

Google 'Titan Security Key' Is Now On Sale For $50

Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next '18 convention, Titan Security Key is a tiny USB device—similar to Yubico's YubiKey—that offers hardware-based two-factor authentication 2FA for online accounts with the highest...

[SECURITY] Fedora 28 Update: dolphin-emu-5.0-24.fc28

Dolphin is a Gamecube, Wii and Triforce the arcade machine based on the Gamecube emulator, which supports full HD video with several enhancements such as compatibility with all PC controllers, turbo speed, networked multiplaye r, and more. Most games run perfectly or with minor bugs...

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

It is possible to perform a RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and in the same time, its upper actions configurations have no or wildcard namespace. The Same possibility when using the url tag which doesn't have value and action set...

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

DuckDuckGo: XSS in Subdomain of DuckDuckGo

A cross-site scripting vulnerability was discovered in a subdomain of DuckDuckGo. The subdomain had a Content Security Policy header intended to prevent script execution, but this could be bypassed in Internet Explorer. As a result, malicious scripts could be injected and executed in the...

Microsoft Office Compatibility Pack SP3 RCE and Information Disclosure Vulnerabilities (KB4032212)

This host is missing an important security update according to Microsoft KB4032212. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVE-2018-5392

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base...

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: August 14, 2018

Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: August 14, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution and information disclosure if a user opens a specially crafted Office file. T...

Description of the security update for Microsoft Office Viewers and Office Compatibility Pack: August 14, 2018

Description of the security update for Microsoft Office Viewers and Office Compatibility Pack: August 14, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow information disclosure if a user opens a specially crafted Office file. To learn more about the...