Lucene search

2334 matches found

Kaspersky
added 2020/11/17 12:0 a.m., 66 views

KLA12010 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, perform cross-site scripting attack, spoof user interface, execute arbitrary code, bypass security restrictions. Bel...

9.6 CVSS, 10 AI score, 0.93031 EPSS
Exploits 3, References 4
CNNVD
added 2020/11/17 12:0 a.m., 4 views

Resourcexpress Qubi3 Information Disclosure Vulnerability

Resourcexpress Qubi3 is a conference room booking device from Resourcexpress UK. A security vulnerability exists in QED ResourceXpress Qubi3 prior to version 1.40.9, which can be exploited by an attacker to obtain sensitive information through the debugging interface...

4.6 CVSS, 5.8 AI score, 0.00041 EPSS
Exploits 0, References 3
Ubuntu
added 2020/11/12 1:22 p.m., 78 views

USN-4171-6: Apport regression

USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. Original advisory details: Kevin Backhouse discovered Apport would read its user-controlled settings file as...

5.7 AI score
Exploits 0, References 1
Citrix
added 2020/11/09 12:0 a.m., 7 views

Citrix Diagnostics Toolkit - 32bit Edition

Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location. Citrix Diagnostic Toolkit x86 – C.D.T Citrix Diagnostic Toolkit x86...

6.8 AI score
Exploits 0
Citrix
added 2020/11/09 12:0 a.m., 5 views

Citrix preSCAN Tool

About This Release This is an early technical preview release v1.0.0.2 of the preSCAN tool. This release has not been tested extensively and is not supported. Please send any feedback using the link in Contact Information section. Where to download ? Certain legacy Citrix tools are now available ...

7.5 AI score
Exploits 0
Hacker One
added 2020/11/05 2:54 p.m., 14 views

Mail.ru: Disk-o Cloud application (Windows) does not validate server certificate on a TLS connection

A debugging/staging functionality disabling TLS certificate check was accidentally enabled in production code for Disk-O 20.10.0133, fixed in version 20.11.0006. 21.04 version adds integrity check for update process...

4.7 AI score
Exploits 0
RedHat Linux
added 2020/11/04 12:59 a.m., 51 views

Low: Red Hat Security Advisory: libpcap security, bug fix, and enhancement update

An update for libpcap is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.3 CVSS, 6.5 AI score, 0.03198 EPSS
Exploits 0, References 4
AlmaLinux
added 2020/11/03 12:14 p.m., 55 views

Low: libpcap security, bug fix, and enhancement update

The libpcap packages provide a portable framework for low-level network monitoring. The libpcap library provides network statistics collection, security monitoring, and network debugging. The following packages have been upgraded to a later upstream version: libpcap 1.9.1. BZ1806422 Security Fixe...

5.3 CVSS, 0.5 AI score, 0.03198 EPSS
Exploits 0, References 1
Kitploit
added 2020/10/29 8:30 p.m., 591 views

Widevine-L3-Decryptor - A Chrome Extension That Demonstrates Bypassing Widevine L3 DRM

Widevine is a Google-owned DRM system that's in use by many popular streaming services Netflix, Spotify, etc. to prevent media content from being downloaded. But Widevine's least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software i.e no hardware TEEs,...

7.4 AI score
Exploits 0, References 1
Oracle linux
added 2020/10/27 12:0 a.m., 82 views

java-1.8.0-openjdk security update

1:1.8.0.272.b10-0 - Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 - Resolves: rhbz1876665 1:1.8.0.272.b10-0 - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add...

5.8 CVSS, 0.4 AI score, 0.00186 EPSS
Exploits 0
Oracle linux
added 2020/10/27 12:0 a.m., 71 views

java-1.8.0-openjdk security and bug fix update

1:1.8.0.272.b10-1 - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - Resolves: rhbz1876665 1:1.8.0.272.b10-0 - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of...

5.8 CVSS, 0.3 AI score, 0.00186 EPSS
Exploits 0
CNVD
added 2020/10/21 12:0 a.m., 1 views

Apple iOS Arbitrary Code Execution Vulnerability (CNVD-2020-59479)

Apple iOS is an operating system for mobile devices developed by Apple Inc. in the United States. A security vulnerability exists in Apple iOS. The vulnerability stems from the fact that Apple Xcode could allow an authenticated remote attacker to execute arbitrary code on the system. By tricking ...

9.3 CVSS, 7.5 AI score, 0.04184 EPSS
Exploits 1, References 1
Talos Blog
added 2020/10/20 8:12 a.m., 18 views

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. Cisco Talos is releasing a new beta version of Dynamic Data Resolver DDR today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented. We also fixed a few bugs and memory leaks. Another...

2 AI score
Exploits 0
OSV
added 2020/10/16 5:15 p.m., 1 views

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

7.8 CVSS, 7.5 AI score, 0.04184 EPSS
Exploits 1, References 3
Securelist
added 2020/10/15 10:0 a.m., 78 views

IAmTheKing and the SlothfulMedia malware family

On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with...

0.6 AI score
Exploits 0
CNVD
added 2020/10/13 12:0 a.m., 2 views

Command Execution Vulnerability in Network Debugging Interface of Tianqing Security Isolation and Information Exchange System

Tianqing Security Isolation and Information Exchange System is the access control switch equipment with network isolation technology independently developed by Qixing Information Technology Co., Ltd, which provides high security isolation protection for key data. A command execution vulnerability...

7.6 AI score
Exploits 0
OSV
added 2020/10/06 7:15 p.m., 1 views

CVE-2020-26606

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

7.5 CVSS, 7.1 AI score
Exploits 0, References 1
NVD
added 2020/10/06 7:15 p.m., 14 views

CVE-2020-26606

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

7.5 CVSS, 0.00123 EPSS
Exploits 0, References 1
Prion
added 2020/10/06 7:15 p.m., 20 views

Command injection

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

5 CVSS, 7.5 AI score, 0.00123 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/10/06 6:32 p.m., 20 views

CVE-2020-26606

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...

7.5 AI score, 0.00123 EPSS
Exploits 0, References 1