561 matches found
CVE-2020-27780
A flaw was found in Linux-PAM in the way it handles empty passwords for non-existing users. When the user doesn't exist, PAM tries to authenticate as root, and with an empty password the authentication succeeds. The highest threat from this vulnerability is to confidentiality, integrity, as we...
openSUSE Security Update : gdm (openSUSE-2020-1961)
This update for gdm fixes the following issues : - Exit with failure if loading existing users fails bsc1178150 CVE-2020-16125. This update was imported from the SUSE:SLE-15-SP2:Update update project. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
CVE-2020-13927
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
Default configuration
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
EulerOS 2.0 SP5 : keepalived (EulerOS-SA-2020-1919)
According to the version of the keepalived package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local...
Migrating to Android Enterprise from Legacy Device Administrator Mode
After Secure Hub 20.11 release, Device Administrator enrollments for Android 10 devices will not be able to use the following policies: DISABLECAMERA DISABLEKEYGUARDFEATURES EXPIREPASSWORD LIMITPASSWORD This will affect all MDM vendors, as Google will be deprecating these APIs. Please note: this...
Security feature bypass
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...
CVE-2017-18658
An issue was discovered on Samsung mobile devices with M6.0 software. The multiwindowfacade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 August 2017...
The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to impersonate an existing user.
The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability allows a malicious actor to impersonate an existing user...
Dropbox: Local Privilege Escalation on Dropbox Desktop for Windows
This report describes a local privilege escalation in the Dropbox automatic updater process on Windows. It would allow a malicious actor who had already gained non-admin access to a Windows computer to obtain admin privileges, if Dropbox had previously been installed with admin privileges. This...
FAQ: Licensing for Disaster Recovery Servers
Q: Can existing licenses in the production environment be used for a Disaster Recovery Server? A: Yes, it is possible to use the same server/farm licenses in another server/farm if it is a disaster recovery server/farm. Q: Can both Production and Disaster Recovery servers run simultaneously? A: N...
CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
DEBIAN-CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbsibssjoinexisting function is called after a STA connects to...
PT-2019-5129 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version kernel-2.6.32 Description: A stack-based buffer overflow was found in the Linux kernel's Marvell WiFi chip driver. This issue can cause a denial of service (system crash) or possibly allow the execution of arbitrary code wh...
Arbitrary File Overwrite
github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs...
AppTrana — Website Security Solution That Actually Works
Data loss and theft continue to rise, and hardly a day goes by without a significant data breach hitting the headlines. In January 2019 alone, 1.76 billion records were leaked, and according to IBM's Data Breach study, the average cost of each lost or stolen record has reached about $148. Most of...
PT-2019-12364 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.0RX before 9.0R3.4 Pulse Connect Secure versions 8.3RX before 8.3R7.1 Pulse Connect Secure versions 8.2RX before 8.2R12.1 Description: The issue affects users of SAML authentication with the Reuse Existing NC...
CVE-2019-11471
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::setalphachannel in heifcontext.h because heifcontext.cc mishandles references to non-existing alpha images...
CVE-2019-9939
The SHAREit application before 4.0.36 for Android allows a remote attacker on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requeste...