SUSE CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions...

Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies

The U.S. Department of Justice DoJ on Friday announced that five individuals have pleaded guilty to assisting North Korea's illicit revenue generation schemes by enabling information technology IT worker fraud in violation of international sanctions. The five individuals are listed below - Audric...

EUVD-2014-2057

Malware in sbrugna...

EUVD-2021-17825

Malware in sbrugna...

EUVD-2018-17238

Malware in sbrugna...

EUVD-2021-17730

Malware in sbrugna...

EUVD-2000-0474

Malware in sbrugna...

EUVD-2023-28508

Malicious code in bioql PyPI...

TencentOS Server 4: gnome-shell (TSSA-2025:0130)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0130 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2023-42935

An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6.4. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen...

CVE-2021-30813

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS...

CVE-2020-1787

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139C00E133R3P1 have an improper authentication vulnerability. The system has a logic error under certain scenario, successful exploit could allow the attacker who gains the privilege of guest user to access to the host user's desktop in an...

📄 BeyondTrust Privileged Remote Access 24.3 Takeover

BeyondTrust Privileged Remote Access PRA version 24.3 suffers a privileged login takeover vulnerability due to a passwordless ssh tunnel. === Details ======================================================== Vendor: BeyondTrust Product: Privileged Remote Access PRA Subject: PRA connection takeover...

[SECURITY] Fedora 41 Update: tigervnc-1.15.0-2.fc41

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

[SECURITY] Fedora 42 Update: tigervnc-1.15.0-2.fc42

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

[SECURITY] Fedora 40 Update: tigervnc-1.15.0-2.fc40

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

CVE-2025-26326

A vulnerability was identified in the NVDA Remote version 2.6.4 and Tele NVDA Remote version 2025.3.3 remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered ...

NVDA 安全漏洞

NVDA Nonvisual Desktop Access is a non-visual desktop access system open-sourced by NV Access. A security vulnerability exists in NVDA versions 2024.4.1 and 2024.4.2, which stems from the acceptance of weak passwords by the Remote Connect component, which could lead to full control of the system...

Ukraine Warns of New Phishing Campaign Targeting Government Computers

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198. More than 100 computers are...

m-privacy TightGate-Pro Code Execution / Insecure Permissions

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc...