273 matches found
SUSE-SU-2022:2182-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash (bsc#1200550)...
CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...
MGASA-2021-0406 Updated qtwebengine5 packages fix security vulnerabilities
Updated qtwebengine5 packages fix security vulnerabilities: The qtwebengine5 package has been updated to version 5.15.5, fixing several security issues in the bundled chromium code...
Etherpad 1.8.13 - Code Execution Vulnerabilities
Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...
Argo Code Issues Vulnerabilities
Argo is an open source container native workflow engine. A code issue vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the incorrect handling of Token in the util/session/sessionmanager.go file, resulting in the Token remaining valid after the user is unavailable. No...
The Untold History of America’s Zero-Day Market
The lucrative business of dealing in code vulnerabilities is central to espionage and war planning, which is why brokers never spoke about it—until now...
Debian DLA-2014-1 : vino security update
Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment. The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver. The vino source package in Debian ships...
SUSE-SU-2019:2868-1 Security update for samba
This update for samba fixes the following issues: Security issues fixed: - CVE-2019-14847: User with 'get changes' permission can crash AD DC LDAP server via dirsync (bsc#1154598). - CVE-2019-10218: Client code can return filenames containing path separators (bsc#1144902). - CVE-2019-14833: Fixed Accen...
A proactive approach to more secure code
What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019...
Pentagon Expands Bug-Bounty Program to Include Physical Systems
The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office (GAO) released a report...
SUSE-SU-2018:1998-1 Security update for mercurial
This update for mercurial fixes the following issues: Security issues fixed: - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer...
Walkr: Fitness Space Adventure - Certificates or keys found, Exported ContentProvider, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Walkr: Fitness Space Adventure published at the 'play' market has multiple vulnerabilities...
Stickman Warriors - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Stickman Warriors published at the 'play' market has multiple vulnerabilities...
Christmas - Coloring Puzzles - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Christmas - Coloring Puzzles published at the 'play' market has multiple vulnerabilities...
Doctor Kids - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Doctor Kids published at the 'play' market has multiple vulnerabilities...
Drummer Babies - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Drummer Babies published at the 'play' market has multiple vulnerabilities...
Toddlers Magic Flute - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Toddlers Magic Flute published at the 'play' market has multiple vulnerabilities...
Professional Xylophone - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Professional Xylophone published at the 'play' market has multiple vulnerabilities...
Pink Princess Nail Spa - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Pink Princess Nail Spa published at the 'play' market has multiple vulnerabilities...
Early Learning: Sequences - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Early Learning: Sequences published at the 'play' market has multiple vulnerabilities...