3378 matches found

OSV
added 2020/11/10 1:15 p.m. · 2 views

CVE-2020-0441

In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for...

7.5 CVSS · 5.9 AI score · 0.01076 EPSS
Exploits: 0 · References: 1

Citrix
added 2020/11/09 12:0 a.m. · 7 views

CDFMonitor

NOTE: CDFMonitor is now deprecated. To capture a trace as a service, use https://support.citrix.com/article/CTX677255/citrix-cdfcontrol-as-service Please note: You can download the required file from the Citrix downloads website by visiting the following...

7.5 AI score
Exploits: 0

OPENSUSE Linux
added 2020/11/09 12:0 a.m. · 100 views

Security update for otrs (moderate)

openSUSE Security Update: Security update for otrs Announcement ID: openSUSE-SU-2020:1888-1 Rating: moderate References: 1178434 Cross-References: CVE-2020-11022 CVE-2020-11023 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An...

6.9 CVSS · 7.2 AI score · 0.99019 EPSS
Exploits: 11 · References: 1

OPENSUSE Linux
added 2020/11/06 12:0 a.m. · 49 views

Security update for virt-bootstrap (moderate)

openSUSE Security Update: Security update for virt-bootstrap Announcement ID: openSUSE-SU-2020:1856-1 Rating: moderate References: 1140750 Cross-References: CVE-2019-13314 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

7.8 CVSS · 7.6 AI score · 0.00568 EPSS
Exploits: 1 · References: 1

Fedora
added 2020/11/03 1:30 a.m. · 26 views

[SECURITY] Fedora 32 Update: fastd-21-1.fc32

fastd is a secure tunneling daemon with some unique features: - Very small binary about 100KB on OpenWRT in the default configuration, including all dependencies besides libc - Exchangeable crypto methods - Transport over UDP for simple usage behind NAT - Can run in 1:1 and 1:n scenarios - There a...

7.5 CVSS · 0.02334 EPSS
Exploits: 0

Fedora
added 2020/11/03 1:21 a.m. · 28 views

[SECURITY] Fedora 31 Update: fastd-21-1.fc31

fastd is a secure tunneling daemon with some unique features: - Very small binary about 100KB on OpenWRT in the default configuration, including all dependencies besides libc - Exchangeable crypto methods - Transport over UDP for simple usage behind NAT - Can run in 1:1 and 1:n scenarios - There a...

7.5 CVSS · 0.02334 EPSS
Exploits: 0

Fedora
added 2020/11/03 1:0 a.m. · 37 views

[SECURITY] Fedora 33 Update: fastd-21-1.fc33

fastd is a secure tunneling daemon with some unique features: - Very small binary about 100KB on OpenWRT in the default configuration, including all dependencies besides libc - Exchangeable crypto methods - Transport over UDP for simple usage behind NAT - Can run in 1:1 and 1:n scenarios - There a...

7.5 CVSS · 0.02334 EPSS
Exploits: 0

BDU FSTEC
added 2020/11/02 12:0 a.m. · 1 views

The vulnerability of the jQuery library arises from insufficient cleaning of data provided by users when elements of the <option> type are passed. This allows attackers to perform cross-site scripting attacks.

The vulnerability of the jQuery library exists due to insufficient cleaning of the data provided by the user when elements with the <option> tag are passed to jQuery’s DOM methods. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

6.1 CVSS · 6.5 AI score · 0.8383 EPSS
Exploits: 6 · References: 31 · Affected Software: 43

OPENSUSE Linux
added 2020/10/31 12:0 a.m. · 44 views

Security update for pacemaker (important)

openSUSE Security Update: Security update for pacemaker Announcement ID: openSUSE-SU-2020:1782-1 Rating: important References: 1167171 1173668 1175557 1177916 Cross-References: CVE-2020-25654 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has three fixes is now...

9 CVSS · 7.3 AI score · 0.02002 EPSS
Exploits: 0 · References: 4

OPENSUSE Linux
added 2020/10/24 12:0 a.m. · 61 views

Security update for hunspell (low)

openSUSE Security Update: Security update for hunspell Announcement ID: openSUSE-SU-2020:1719-1 Rating: low References: 1151867 Cross-References: CVE-2019-16707 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for hunspell fix...

6.5 CVSS · 6.4 AI score · 0.01656 EPSS
Exploits: 1 · References: 1

FireEye
added 2020/10/14 12:0 a.m. · 48 views

FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft

Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN or financially motivated threat group for the first time since 2017. We have detailed FIN11's various tactics, techniques and procedures in a report that is available now by signing up for Mandiant Advantage Free. In...

1.3 AI score
Exploits: 0 · References: 4

GoogleProjectZero
added 2020/10/06 12:0 a.m. · 21 views

Enter the Vault: Authentication Issues in HashiCorp Vault

Posted by Felix Wilhelm, Project Zero. Introduction: In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services (AWS) and Google Cloud Platform (GCP). These issues can lead to an authentication bypass in configurations that use the aws and gcp aut...

8.2 CVSS · 8.7 AI score · 0.01501 EPSS
Exploits: 0

PyPA
added 2020/09/30 9:15 p.m. · 6 views

PYSEC-2020-223

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

8.1 CVSS · 6.8 AI score · 0.01976 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2020/09/30 9:15 p.m. · 34 views

Design/Logic Flaw

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

5.5 CVSS · 7.8 AI score · 0.01976 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/09/30 8:48 p.m. · 95 views

CVE-2020-13952

Apache Superset CVE-2020-13952 affects all versions

8.1 CVSS · 7.7 AI score · 0.01976 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Rapid7 Blog
added 2020/09/30 6:57 p.m. · 48 views

Exploitability Analysis: Smash the Ref Bug Class

In April 2020, security researcher Gil Dabah published a paper on a set of vulnerabilities he had discovered within the Win32k subsystem of the Windows operating system. These vulnerabilities demonstrated instances of a new class of bugs, dubbed “Smash the Ref.” Dabah’s research included 13 test...

1.2 AI score
Exploits: 0

Positive Technologies
added 2020/09/30 12:0 a.m. · 2 views

PT-2020-13800 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 0.37.2 Description: The issue allows authenticated users running queries against Hive and Presto database engines to access sensitive information, including the contents of query description metadata database...

8.6 CVSS · 6.9 AI score · 0.01976 EPSS
Exploits: 0 · References: 9

OSV
added 2020/09/25 2:15 p.m. · 2 views

CVE-2020-5930

In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods...

7.5 CVSS · 7.1 AI score · 0.01092 EPSS
Exploits: 0 · References: 1

Microsoft CVE
added 2020/09/25 7:0 a.m. · 3 views

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

...

8.1 CVSS · 7 AI score · 0.04221 EPSS
Exploits: 1

OPENSUSE Linux
added 2020/09/25 12:0 a.m. · 72 views

Security update for libqt4 (moderate)

openSUSE Security Update: Security update for libqt4 Announcement ID: openSUSE-SU-2020:1530-1 Rating: moderate References: 1118595 1118596 1118599 1121214 1176315 Cross-References: CVE-2018-15518 CVE-2018-19869 CVE-2018-19873 CVE-2020-17507 Affected Products: openSUSE Backports SLE-15-SP2 An upda...

9.8 CVSS · 8.5 AI score · 0.03915 EPSS
Exploits: 0 · References: 5