7767 matches found
[SECURITY] Fedora 33 Update: snapd-2.49-1.fc33
Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages...
[SECURITY] [DSA 4856-1] php7.3 security update
Debian Security Advisory DSA-4856-1 https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2021 https://www.debian.org/security/faq ...
Debian DSA-4852-1 : openvswitch - security update
Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Supporting COVID-19 Vaccine Rollouts with Vaccine Edge
Global efforts to produce and distribute the COVID-19 vaccine continue to race ahead. But in many cases, that race is an uphill climb. Beyond the challenges in making enough of the vaccine, educating the public, and the logistics of distributing the doses, there is a new challenge. Bots. In recen...
Asymmetric-key algorithms and symmetric-key algorithms
The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similarly to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors,...
CVE-2021-26719
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registration step such that craft...
CVE-2021-26719
CVE-2021-26719 describes a directory traversal in Gradle-related components: gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor with certain credentials can perform a registrat...
Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers
Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...
Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visit the distribution list...
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visit the distribution list...
The vulnerability in the web interface of the Cisco Umbrella security cloud service allows an attacker to trigger a service failure.
The vulnerability of the Cisco Umbrella security cloud service web interface is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
OESA-2021-1027 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as...
CVE-2020-18724
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening a contact list...
[SECURITY] Fedora 33 Update: erlang-23.2.3-1.fc33
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson...
Police Have Disrupted the Emotet Botnet
A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are...
[SECURITY] Fedora 33 Update: php-pear-1.10.12-5.fc33
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components...
[SECURITY] Fedora 32 Update: php-pear-1.10.12-5.fc32
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components...
CVE-2021-23272
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack o...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...