Lucene search

3101 matches found

OSV
added 2020/12/04 12:51 p.m., 5 views

SUSE-SU-2020:2947-1 Security update for gcc10, nvptx-tools

This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can...

CVSS 5.5, AI score 5.7, EPSS 0.00504
Exploits 0, References 8
CISA
added 2020/12/03 12:0 a.m., 16 views

Heightened Awareness for Iranian Cyber Activity

Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information PI...

AI score 6.7
Exploits 0, References 7
Kitploit
added 2020/11/25 11:30 a.m., 64 views

Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")

wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB"). The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and alike. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox (WSB for short). The...

AI score 7.5
Exploits 0, References 1
Tenable Nessus
added 2020/11/06 12:0 a.m., 9 views

Palo Alto Networks PAN-OS VPN Enabled Detection

Binary data paloaltovpnenableddetect.nbin...

AI score 7.3
Exploits 0, References 1
VulnCheck KEV
added 2020/11/06 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-15893

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet...

CVSS 9.8, AI score 7, EPSS 0.20856
Exploits 2, References 1
Packet Storm
added 2020/11/06 12:0 a.m., 386 views

git-lfs Remote Code Execution

Go PoC exploit for git-lfs - Remote Code Execution (RCE) vulnerability CVE-2020-27955. git-lfs-RCE-exploit-CVE-2020-27955.go. Discovered by Dawid Golunski, https://legalhackers.com, https://exploitbox.io. Affected (RCE exploit): Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken / SmartGit /...

AI score 8.4, EPSS 0.82715
Exploits 14
OSV
added 2020/10/16 9:15 p.m., 2 views

CVE-2020-1673

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Junip...

CVSS 8.8, AI score 7.3, EPSS 0.01537
Exploits 0, References 1
RedHat Linux
added 2020/10/08 7:1 a.m., 144 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update

Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.9, AI score 7.1, EPSS 0.99019
Exploits 14, References 12
OSV
added 2020/09/14 10:15 p.m., 3 views

CVE-2020-15590

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVSS 7.5, AI score 7.1, EPSS 0.02512
Exploits 1, References 3
Carbon Black Blog
added 2020/09/09 3:3 p.m., 24 views

The U.S. Secret Service Selects Tom Kellermann to Serve on Inaugural Cyber Investigations Advisory Board

Cybersecurity has become a recurring global news headline. From ransomware to data breaches, cyberattacks continue to be one of the biggest threats to both the private and public sectors. Earlier this year, the FBI reported a 400 percent increase in cybercrime. And for the public sector, this is...

AI score 0.7
Exploits 0
Cvelist
added 2020/09/08 9:31 a.m., 29 views

CVE-2020-3668

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

AI score 9.6, EPSS 0.01052
Exploits 0, References 1
Hacker One
added 2020/08/24 1:8 p.m., 70 views

Open-Xchange: Failed assert in `mail_index_transaction_lookup`

To reproduce, run test suite on following input : require"vnd.dovecot.testsuite";require "fileinto";require "mailbox";test"" fileinto:create "Folder"; if testresultexecute testmessage:folder "Folder" 2; Output is with ASAN enabled stack trace testsuite: Panic: file mail-index-transaction-update.c...

AI score 1.1
Exploits 0
OSV
added 2020/08/21 7:15 p.m., 2 views

CVE-2019-11855

An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9...

CVSS 9.8, AI score 7.3, EPSS 0.01245
Exploits 0, References 1
Schneier on Security
added 2020/08/10 11:23 a.m., 21 views

Smart Lock Vulnerability

Yet another Internet-connected door lock is insecure: Sold by retailers including Amazon, Walmart, and Home Depot, U-Tec's $139.99 UltraLoq is marketed as a "secure and versatile smart deadbolt that offers keyless entry via your Bluetooth-enabled smartphone and code." Users can share temporary...

AI score 0.6
Exploits 0
Tenable Nessus
added 2020/08/07 12:0 a.m., 280 views

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

CVSS 8.3, AI score 6.6, EPSS 0.05166
Exploits 0, References 18
OSV
added 2020/08/05 2:53 p.m., 3 views

GHSA-XW5P-HW6R-2J98 Denial of service in fastify

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion when the allErrors option is used with specially crafted schemas...

CVSS 6.5, AI score 5.9, EPSS 0.01157
Exploits 1, References 3
OSV
added 2020/07/31 6:15 p.m., 1 views

UBUNTU-CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7, AI score 7.2, EPSS 0.00864
Exploits 1, References 5
OSV
added 2020/07/31 1:15 p.m., 3 views

CVE-2020-10731

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

CVSS 9.9, AI score 7.2, EPSS 0.00889
Exploits 0, References 1
Krebs on Security
added 2020/07/29 7:46 p.m., 39 views

Here’s Why Credit Card Fraud is Still a Thing

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here's a look at the havoc tha...

AI score 6.8
Exploits 0
OSV
added 2020/07/08 7:55 a.m., 2 views

SUSE-SU-2020:1417-2 Security update for freetds

This update for freetds to 1.1.36 fixes the following issues: Security issue fixed: - CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 bsc1141132. Non-security issues fixed: - Enabled Kerberos support - Version upda...

CVSS 9.8, AI score 9.7, EPSS 0.01781
Exploits 0, References 3