101 matches found
SUSE-SU-2018:2394-1 Security update for kgraft
This update for kgraft fixes the following issues: Add script for disabling SMT to help with the mitigation of the 'L1 Terminal Fault' issue (CVE-2018-3646, bsc#1099306). The script is called 'klp-kvm-l1tf-ctrl-smt' and is used for enabling or disabling SMT to mitigate the issue when this administrati...
Error: "Execute Commands failed" When Enabling AppFlow from NetScaler MAS
Enabling AppFlow from NetScaler MAS fails with the error message: Execute Commands failed. Config logs /var/mps/log/mpsconfig.log: Wednesday, 10 Jan 18 11:55:20.075 -0500 Error 1 SSH Command Timed out on Wednesday, 10 Jan 18 11:56:20.080 -0500 Error Main SSH: Failed to connect on Wednesday, 10 Ja...
Microsoft Windows: Prevent enabling lock screen camera
This test checks the setting for policy OpenVAS Vulnerability Test $Id: wincplockscreencamera.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Prevent enabling lock screen camera Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This progra...
CVE-2017-1774
IBM Security Guardium Big Data Intelligence SonarG 3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 136818...
Data Privacy Day
January 28 is Data Privacy Day (DPD), an annual international effort to promote the importance of data privacy. DPD is sponsored in the United States by the National Cyber Security Alliance (NCSA) with the theme "Respecting Privacy, Safeguarding Data, and Enabling Trust". The NCSA Stay Safe Online...
CVE-2017-1229
IBM Tivoli Endpoint Manager IBM BigFix 9.2 and 9.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle technique...
Design/Logic Flaw
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
CVE-2017-12822
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
CVE-2017-12822
CVE-2017-12822 affects Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK prior to Sentinel LDK RTE 7.55. The NEAR-term root cause is an improper access control flaw that allows the administrative interface to be remotely enabled and disabled without authentication, potentially expanding the atta...
Suspected Ransomware Dropzone
A remote attacker could send spam e-mails including a downloader and manipulate users to manually enable them. This would allow the malicious code to run and infect the target system. This behavior has been used, among others, by ransomwares such as BadRabbit...
CVE-2016-3043
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
JVN#40613060: Multiple vulnerabilities in WNC01WH
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains multiple vulnerabilities listed below. Denial-of-service DoS - CVE-2016-7821 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:H/Au:N/C:N/I:N/A:C| Base...
NetApp OnCommand Workflow Automation Remote Code Execution Vulnerability
NetApp OnCommand Workflow Automation is a suite of automated execution storage process management software from the U.S. company NetApp. The software provides storage configuration, storage cloning and other functions for the database or file system. A security vulnerability exists in the NetApp...
[SECURITY] Fedora 21 Update: smack-4.0.6-1.fc21
Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices...
[SECURITY] Fedora 21 Update: smack-3.2.2-8.fc21
Smack is an Open Source XMPP (Jabber) client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices...
BackTrack 5 R2 Released, New Kernel, New Tools
Hackers, are you ready? BackTrack 5 R2 has finally been released with bug fixes, upgrades, and the addition of 42 new tools. It comes with the best custom-built 3.2.6 kernel and the best wireless support available at maximum speed. This release includes Metasploit...
Qchex's Fraud-Enabling Biz Gets FTC Smackdown
The Federal Trade Commission has charged those behind the shady online check service Qchex with contempt, and wants daily fines imposed on them until they give up the ghost. The group has launched a new site—a Qchex clone—with the same questionable policies that made Qchex a “dinner bell for...
Sun Secure Global Desktop / Tarantella < 4.20.983 Multiple XSS
Sun Secure Global Desktop or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms, is installed on the remote web server. According to the version reported in one of its scripts, the installation of the software on the remote host fails to sanitize...
Sun Secure Global Software / Tarantella Detection
The remote host is running Sun Secure Global Software or Tarantella, a Java-based program for web-enabling applications running on a variety of platforms...
DEBIAN-CVE-2004-2313
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts such as root, which allows remote attackers to guess the root password via brute force attacks...