[SECURITY] Fedora 30 Update: systemd-241-7.gita2eaa1c.fc30

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

The vulnerability of the kvm_ioctl_create_device function in Linux operating system kernels allows a hacker to trigger a service failure.

The vulnerability of the kvmioctlcreatedevice function in Linux operating systems arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...

[SECURITY] Fedora 30 Update: systemd-241-5.git3d835d0.fc30

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

[SECURITY] Fedora 28 Update: ntp-4.2.8p13-1.fc28

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

[SECURITY] Fedora 30 Update: ntp-4.2.8p13-1.fc30

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays

IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It allows to synchronize in real-time the changes made to a database by multiple users, by connecting together different instances of IDA Pro. The main features of IDArling are: hooking general user events structure...

CVE-2019-6716

An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...

Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter Exploit

Google Chrome M73 - Data Race in ExtensionsGuestViewMessageFilter Exploit There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently. See the comment in the code:...

Google Chrome < M73 - MidiManagerWin Use-After-Free Exploit

Google Chrome M73 - MidiManagerWin Use-After-Free Exploit MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int,...

CVE-2018-20810

CVE-2018-20810 affects Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): session data exchanged during cluster synchronization between nodes is not properly encrypted in PCS 8.3RX before 8.3R2 and PPS 5.4RX before 5.4R2. The issue does not apply to PCS 8.1RX, PPS 5.2RX, or st...

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

PT-2019-10249 · Pulse · Pulse Connect Secure +1

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 8.3RX through 8.3R1 Pulse Policy Secure PPS versions 5.4RX through 5.4R1 Description: The issue concerns the lack of proper encryption for session data between cluster nodes during cluster synchronization...

Red X appears under Synchronization State for WEM Agents

After recent upgrade of WEM Service, agents have started showing a red X under Synchronization state...

September 20, 2018—KB4457133 (Preview of Monthly Rollup)

September 20, 2018—KB4457133 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4457129 released September 11, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Address...

[SECURITY] Fedora 29 Update: systemd-239-12.git8bca462.fc29

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

[SECURITY] Fedora 28 Update: systemd-238-11.gita76ee90.fc28

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

Researchers Implant "Protected" Malware On Intel SGX Enclaves

Cybersecurity researchers have discovered a way to hide malicious code in Intel SGX enclaves, a hardware-based memory encryption feature in modern processors that isolates sensitive code and data to protect it from disclosure or modification. In other words, the technique allows attackers to...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...

The vulnerability of the reposync function of the YUM package manager, which allows a hacker to create, modify, or delete any files they desire.

The vulnerability of the reposync function in the YUM package manager exists due to insufficient restrictions on the path name of the restricted access directory. Exploiting this vulnerability allows a malicious actor to create, modify, or delete any files as desired from a remote location...

Use-After-Free

Linux kernel is vulnerable to privilege escalation. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKETV3 ring buffer. A local user able to op...