5843 matches found

Positive Technologies
added 2020/05/08 12:0 a.m. · 5 views

PT-2020-13201 · Mozilla +4 · Firefox +4

Name of the Vulnerable Software and Affected Versions: Avira Free Antivirus versions 15.0.2005.1866 and earlier. Description: The issue allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in...

CVSS 5.5 · AI score 6.5 · EPSS 0.00329
Exploits: 0 · References: 5

RedHat Linux
added 2020/05/04 7:9 p.m. · 4 views

Moderate: Red Hat Enhancement Advisory: CNV 2.3.0 Images

Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements. Container-native virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the followi...

CVSS 7 · AI score 6.7 · EPSS 0.00746
Exploits: 2 · References: 50

CNVD
added 2020/04/29 12:0 a.m. · 1 views

Google Android has a denial of service vulnerability

Android is the smart operating system commonly found on cell phones and IoT devices. Google Android has a denial-of-service vulnerability that can be exploited by an attacker to cause the device to crash and become unusable through a native process that consumes system and device resources...

AI score 6.9
Exploits: 0

NVD
added 2020/04/27 4:15 a.m. · 10 views

CVE-2020-12270

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

CVSS 6.5 · AI score 6.5 · EPSS 0.01432
Exploits: 1 · References: 7

Prion
added 2020/04/27 4:15 a.m. · 17 views

Design/Logic Flaw

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

CVSS 3.3 · AI score 6.5 · EPSS 0.01432
Exploits: 1 · References: 7 · Affected Software: 1

Cvelist
added 2020/04/27 3:26 a.m. · 16 views

CVE-2020-12270

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

AI score 6.5 · EPSS 0.01432
Exploits: 1 · References: 7

CVE
added 2020/04/27 3:26 a.m. · 89 views

CVE-2020-12270

CVE-2020-12270: Affects Bluezone 1.0.0 through the React Native Bluetooth Scan component. The root cause is use of insufficiently random values to generate six-character alphanumeric IDs, which could let a remote attacker interfere with COVID-19 contact tracing by issuing many IDs. Exploitation ...

CVSS 6.5 · AI score 6.5 · EPSS 0.01432
Exploits: 1 · References: 7 · Affected Software: 1

Trend Micro Simply Security
added 2020/04/24 5:26 p.m. · 52 views

Principles of a Cloud Migration – Security, The W5H – Episode WHAT?

Teaching you to be a Natural Born Pillar! Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of...

AI score 0.3
Exploits: 0

Prion
added 2020/04/21 2:15 p.m. · 14 views

Design/Logic Flaw

In ColorOS oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP, RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the...

CVSS 5 · AI score 7.5 · EPSS 0.01171
Exploits: 0 · References: 1

RedHat Linux
added 2020/04/21 11:7 a.m. · 94 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release

Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...

CVSS 9.8 · AI score 7 · EPSS 0.9927
Exploits: 44 · References: 10

RedHat Linux
added 2020/04/21 10:55 a.m. · 151 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release

Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 9.8 · AI score 7 · EPSS 0.9927
Exploits: 44 · References: 6

Tenable Nessus
added 2020/04/21 12:0 a.m. · 65 views

RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3 (Important) (RHSA-2020:1520)

The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1520 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

CVSS 9.8 · AI score 7.7 · EPSS 0.9927
Exploits: 44 · References: 16

Kitploit
added 2020/04/15 9:30 p.m. · 352 views

Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions

Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL, Wget, Python Request, Perl LWP, PHP HTTPRequest2, Go Native, NodeJS Request, jQuery AJAX, PowerShell. Requirements: Jython = 2.7.1, Burp Suite. Import: In Burp Suite, und...

AI score 7.3
Exploits: 0 · References: 1

Kitploit
added 2020/04/10 9:30 p.m. · 120 views

Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory. Features: imports and delay imports are resolved; relocations are performed; image sections are mapped with the correct page protection; exception handlers are initialised; a security cookie is generated and initialise...

AI score 7.3
Exploits: 0 · References: 1

Prion
added 2020/04/10 7:15 p.m. · 20 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with JBP4.3 and KK4.4.2 software. Because the READLOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding AN...

CVSS 7.8 · AI score 6.8 · EPSS 0.00486
Exploits: 0 · References: 1 · Affected Software: 1

Trend Micro Simply Security
added 2020/04/10 2:19 a.m. · 26 views

Cloud Native Application Development Enables New Levels of Security Visibility and Control

We are in unique times and it’s important to support each other through unique ways. Snyk is providing a community effort to make a difference through AllTheTalks.online, and Trend Micro is proud to be a sponsor of their virtual fundraiser and tech conference. In today’s threat landscape new clou...

AI score 7.5
Exploits: 0

Veracode
added 2020/04/10 1:0 a.m. · 24 views

Denial Of Service (DoS)

The kernel is vulnerable to denial of service (DoS). Buffer overflow flaws in snd_usb_caiaq_audio_init and snd_usb_caiaq_midi_init could allow a local, unprivileged user with access to a Native Instruments USB audio device to cause a denial of service or escalate their privileges...

CVSS 7.2 · AI score 4.5 · EPSS 0.00435
Exploits: 1 · References: 13 · Affected Software: 1

RedhatCVE
added 2020/04/02 2:8 p.m. · 54 views

CVE-2019-9946

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the iptables nat chains, which take precedence over the KUBE-...

CVSS 7.5 · AI score 0.2 · EPSS 0.03119
Exploits: 0 · References: 4

Carbon Black Blog
added 2020/04/01 10:0 a.m. · 49 views

Announcing the Release of Malware Prevention for Linux

The VMware Carbon Black team has a mission to keep your entire organization safe from cyber attacks. To deliver on this for today’s landscape, the Carbon Black Cloud platform has added malware prevention for Linux to bring the entire protection lifecycle to Windows, macOS, and Linux. With Linux n...

AI score 0.6
Exploits: 0

Akamai Blog
added 2020/03/24 11:30 a.m. · 33 views

March 2020 -- What's New in Security, Part 2

Welcome to Akamai's March 2020 Release. As we covered yesterday, this release offers a week of product updates, with each day highlighting continued innovations across a different area of Akamai's portfolio: Monday and Tuesday feature two days of security updates. There's a lot going on in Akamai...

AI score 6.9
Exploits: 0