openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...

SUSE-SU-2021:1113-1 Security update for tpm2-tss-engine

This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile resulted in non-position-independent executable tpm2-tss-genkey, bsc1183895...

Trojan-Downloader.Win32.FraudLoad.xevn Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/17da6737cb94c11fa2363772d8eac0b1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.FraudLoad.xevn Vulnerability: Insecure Permissions Description: FraudLoad.xe...

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...

Samsung SMR 安全漏洞

Samsung SMR is a system firmware from Samsung South Korea. It provides storage for system applications. A security vulnerability exists in SMR Mar-2021 Release 1 that allows an attacker to load arbitrary ELF libraries in the DSP. No details of the vulnerability are provided at this time...

CVE-2020-6790

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

CVE-2020-6790

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

Code injection

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

CVE-2020-6790

The CVE concerns Bosch Video Streaming Gateway installer (up to version 6.45.10) with an Uncontrolled Search Path Element flaw. An attacker who tricks a user into placing a malicious executable in the same directory from which the installer is launched can achieve arbitrary code execution on the ...

CVE-2020-6790 Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious...

Worm.Win32.Ngrbot.acno Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0b3c2053a7c09aa25ba81f2bdebbb873.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Ngrbot.acno Vulnerability: Insecure Permissions Description: Creates a dir named "ffffd76...

[ASA-202103-14] groovy: privilege escalation

Arch Linux Security Advisory ASA-202103-14 ========================================== Severity: High Date : 2021-03-25 CVE-ID : CVE-2020-17521 Package : groovy Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1325 Summary ======= The package groovy before version...

CVE-2021-1441 Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability

A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...

Trojan-Dropper.Win32.Demp.rft Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Demp.rft Vulnerability: Insecure Permissions Description: The specimen creates ...

Chriswalz bit 代码问题漏洞

Chriswalz bit is Chriswalz an open source application . Provides an experimental git-based modernization of the git CLI. ChrisWalz bit 1.0.5 version of the previous code problem vulnerability , an attacker can exploit the vulnerability can be through a carefully crafted repository in the .exe fil...

Fedora: Security Advisory for upx (FEDORA-2021-dff7e97510)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: upx-3.96-8.fc34

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 32 Update: upx-3.96-8.fc32

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 33 Update: upx-3.96-8.fc33

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

CVE-2021-26234

FastStone Image Viewer = 7.5 is affected by a user mode write access violation at 0x00402d8a, triggered when a user opens or views a malformed CUR file that is mishandled by FSViewer.exe. Attackers could exploit this issue for a Denial of Service DoS or possibly to achieve code execution...