Security Updates for Microsoft Office Compatibility Products (May 2018)

The Microsoft Office Compatibility Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully...

Microsoft Outlook CVE-2018-8160 Information Disclosure Vulnerability

Description Microsoft Outlook is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office 2010 Service Pack 2 64-b...

[SECURITY] Fedora 26 Update: scummvm-tools-2.0.0-1.fc26

This is a collection of various tools that may be useful to use in conjunction with ScummVM. Please note that although a tool may support a feature, certain ScummVM versions may not. ScummVM 0.6.x does not support FLAC audio, for example. Many games package together all their game data in a few b...

[SECURITY] Fedora 28 Update: scummvm-2.0.0-1.fc28

ScummVM is a program which allows you to run certain classic graphical point-and-click adventure games, provided you already have their data files. ScummVM supports many adventure games, including LucasArts SCUMM games such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, ..., many of Sierra...

SUSE-SU-2018:1121-1 Security update for corosync

This update for corosync fixes the following issue: - CVE-2018-1084: Integer overflow in totemcrypto:authenticatenss23 could lead to command execution bsc1089346 - Providing an empty uid or gid results in coroparse adding uid 0. bsc1066585 - Fix a problem with configuration file incompatibilities...

Microsoft Windows 10: Create symbolic links

This user right determines if users can create a symbolic link from the device they are logged on to. A symbolic link is a file-system object that points to another file-system object. The object that is pointed to is called the target. Symbolic links are transparent to users. The links appear as...

Fedora 26 : boost (2018-b73bfea3af)

Updated Boost libraries are available that fix compatibility with CUDA 9.x compilers and fix a possible integer overflow in Boost.Regex. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Fedora 27 : boost (2018-97c275d576)

Updated Boost libraries are available that fix compatibility with CUDA 9.x compilers and fix a possible integer overflow in Boost.Regex. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

How to Upgrade Mac to macOS High Sierra

The latest version of the macOS operating system, macOS High Sierra, was released on Monday, September 25, 2017. In this article, we will explain how to upgrade mac to macOS High Sierra. Why Should We Upgrade to macOS High Sierra? Apple released the latest macOS, High Sierra, and added some new...

Fedora 26 : roundcubemail (2018-f6dc921a19)

Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...

Fedora 27 : roundcubemail (2018-57fbdb1cb5)

Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...

Hashcat Wrapper for Distributed Hashcracking: Hashtopolis

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis’s development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation

A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space...

Format string

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...

Microsoft Office: ActiveX Control Initialization

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013activexcontrolinitialization.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for ActiveX Control Initialization Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net...

openssh security, bug fix, and enhancement update

7.4p1-16 + 0.10.3-2 - Fix for CVE-2017-15906 1517226 7.4p1-15 + 0.10.3-2 - Do not hang if SSH AuthorizedKeysCommand output is too large 1496467 - Do not segfault pamsshagentauth if keyfile is missing 1494268 - Do not segfault in audit code during cleanup 1488083 - Add WinSCP 5.10+ compatibility...

Soldering for Reverse Engineering. Swapping out eSIMs with “normal” SIMs

Sometimes, the mobile devices we work on only have cellular data connections. In those instances, we’re usually pretty interested in trying things like this to get credentials for the APN so we can start snooping around on that. We’re also really interested in monitoring what kind of traffic is...

Microsoft Office Compatibility Pack Service Pack 3 Information Disclosure Vulnerability (KB4018354)

This host is missing an important security update according to Microsoft KB4018354 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft Office Compatibility Pack Service Pack 3 Multiple RCE Vulnerabilities (KB4011717)

This host is missing an important security update according to Microsoft KB4011717 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Security Updates for Microsoft Office Compatibility Products (April 2018)

The Microsoft Office Compatibility Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Office renders Rich Text Format RTF email messages containing OLE objects when a message is opened or previewed...