10016 matches found
DEBIAN-CVE-2017-12912
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file...
kernel: ping socket / AF_LLC connect() sin_family race
A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system...
DEBIAN-CVE-2017-12691
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file...
ARM mbed TLS Authentication Bypass Vulnerability
ARM mbed TLS is a product that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in ARM mbed TLS that allows remote attackers to submit specially crafted requests to bypass authentication and gain unauthorized access...
Siemens 7KM PAC Switched Ethernet Denial of Service Vulnerability
7KM PAC Switched Ethernet is a switched Ethernet device from Siemens, Germany. A denial of service vulnerability exists in the 7KM PAC Switched Ethernet PROFINET Extension Module versions prior to 2.1.3, which allows an attacker to trigger a denial of service condition via specially crafted...
User Layer is Out of Space. How Do I Find Out Where the Space Has Gone?
If your user layer is out of space and you need to figure out where the space is going as opposed to simply expanding the User Layer disks with https://support.citrix.com/article/CTX222095, or https://support.citrix.com/article/CTX226688 for Unidesk version 2, you will need to examine the User Laye...
Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic
Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices. Smart devices such as sleep monitors, electric switches, security cameras and many others require an internet connection to function properly. They...
App Layering/Unidesk V2/V3: Recovering files directly from the User Layer disks when a desktop machine cannot boot
When a desktop will not boot up or the Unidesk tasks for it consistently fail, it is possible to recover the user's data by copying it directly from the User Layer VMDK or VHDX files. You might want to do this if you think the desktop is unrecoverable, but also if you think the user will need thei...
BSA-2017-362
Security Advisory ID: BSA-2017-362. Component: Apache. Revision: 1.0: Interim. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. Affected Products: Brocade is...
The list of Windows Updates is usually wrong in app/platform layers and published images/desktops
The Windows Update history is correct only in the layer where the updates were actually installed. So you can only rely on the displayed list of Windows Updates when you are editing the OS layer, because Windows Updates must always be installed in the OS Layer. Similarly, you can only rely on the...
Unspecified vulnerability in Elasticsearch X-Pack Security TLS trust manager
Elasticsearch X-Pack is an extension of Elastic Stack log analysis system from the Dutch company Elasticsearch. Security TLS trust manager is one of the security certificate managers. A security vulnerability exists in Elasticsearch X-Pack Security TLS trust manager versions 5.0.0 through 5.5.1. N...
App Layering: Error while finalizing a layer version: "Layer volume label does not follow the required format."
When finalizing a layer version of an OS, App or Platform Layer, the task errors out with this message and returns you to the packaging machine: "An error occurred while finalizing version 'Aug2017' of Layer 'MyLayer'. Please address this issue and retry: Layer volume label does not follow the...
SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...
App Layering error "A failure occurred while publishing the Layered Image: Failed scanning a directory for files" because of Microsoft.MicrosoftOfficeHub
App Layering 4.0 - 4.5: The Enterprise Layer Manager (ELM) fails while publishing an image. Error: "A failure occurred while publishing the Layered Image. Failed scanning a directory for files" Unidesk 2.x/3.x: The CachePoint Appliance fails while creating a desktop. Error: "Failed to copy folders...
DEBIAN-CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
The vulnerability of the web interface of Cisco Adaptive Security Appliance’s microprogramming software allows a hacker to obtain user credentials.
The vulnerability of the web interface of Cisco Adaptive Security Appliance microprogramming software is related to the lack of protection for service data during interactions with the SSL Connection Profile using the LDAP protocol. Exploiting this vulnerability can allow a malicious actor to...
2.x - Increasing the User Layer size for a Persistent Desktop
C drive of a 2.x desktop is running low on space...
Visualize network Topologies From pcap Files: PcapViz
PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features: draw network topologies (Layer 2) and communication graphs (Layer 3 and 4). Network topologies contain...
4car.standvirtual.com XSS vulnerability
Vulnerable URL: https://4car.standvirtual.com/?q=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E%5Bcategoryid%5D=%5Border%5D=createdat%3Adesc Details: Patched: Yes, at; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown...
RestKit TLS Server Spoofing Vulnerability
Restkit is a Python HTTP resource kit developed by software developer Benoit Chesneau. A security vulnerability exists in Restkit. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack and spoof a TLS server...