
3378 matches found

OPENSUSE Linux
added 2020/07/18 12:0 a.m. · 63 views

Security update for rubygem-puma (moderate)

openSUSE Security Update: Security update for rubygem-puma Announcement ID: openSUSE-SU-2020:1001-1 Rating: moderate References: 1172175 1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now...

CVSS 7.5 · AI score 6.6 · EPSS 0.04088
Exploits 0 · References 2
OPENSUSE Linux
added 2020/07/14 12:0 a.m. · 27 views

Security update for permissions (moderate)

openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2020:0957-1 Rating: moderate References: 1171883 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for permissions fixes the following...

AI score 7.2
Exploits 0
Wired Threat Level
added 2020/07/07 11:0 a.m. · 15 views

Looks Like Russian Hackers Are on an Email Scam Spree

A group dubbed Cosmic Lynx uses surprisingly sophisticated methods—and targets big game...

AI score 1.8
Exploits 0
RedHat Linux
added 2020/06/29 2:37 p.m. · 1 view

jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 · AI score 5.8 · EPSS 0.01257
Exploits 0 · References 5
OPENSUSE Linux
added 2020/06/26 12:0 a.m. · 53 views

Security update for bluez (moderate)

openSUSE Security Update: Security update for bluez Announcement ID: openSUSE-SU-2020:0872-1 Rating: moderate References: 1166751 Cross-References: CVE-2020-0556 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for bluez fixes...

CVSS 7.1 · AI score 6.3 · EPSS 0.01033
Exploits 0 · References 1
RedHat Linux
added 2020/06/23 1:55 p.m. · 2 views

hw: L1D Cache Eviction Sampling

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...

CVSS 5.5 · AI score 6.5 · EPSS 0.00587
Exploits 0 · References 8
RedHat Linux
added 2020/06/23 1:8 p.m. · 0 views

hw: L1D Cache Eviction Sampling

A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...

CVSS 5.5 · AI score 6.5 · EPSS 0.00587
Exploits 0 · References 8
ATTACKERKB
added 2020/06/20 12:0 a.m. · 59 views

CVE-2020-14932

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. Recent assessments: kevthehermit at June 20, 2020 5:17pm UTC reported: tldr The use of unserialize in PHP that accepts user data. There is no...

CVSS 9.8 · AI score 9.6 · EPSS 0.1669
Exploits 2 · References 2
Veracode
added 2020/06/19 3:53 a.m. · 16 views

Sandbox Restrictions Bypass

jenkins-pipeline-groovy-plugin is vulnerable to sandbox restrictions bypass. An attacker is able to bypass the sandbox protection through default parameter expressions in CPS-transformed methods...

CVSS 8.8 · AI score 3.9 · EPSS 0.01257
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2020/06/19 12:0 a.m. · 4 views

The vulnerability of the relational SQL database HSQLDB, related to the exposure of static Java methods, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the relational SQL database HSQLDB is related to the exposure of static Java methods. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause service failures...

CVSS 9.9 · AI score 5.6 · EPSS 0.14347
Exploits 3 · References 5 · Affected Software 4
OpenVAS
added 2020/06/18 12:0 a.m. · 20 views

openSUSE: Security Advisory for file-roller (openSUSE-SU-2020:0825-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 4.3 · AI score 5.1 · EPSS 0.02132
Exploits 1 · References 2
RedHat Linux
added 2020/06/17 10:38 p.m. · 2 views

jenkins-pipeline-groovy-plugin: sandbox protection bypass through default parameter expressions in CPS-transformed methods

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods...

CVSS 8.8 · AI score 5.8 · EPSS 0.01257
Exploits 0 · References 5
OPENSUSE Linux
added 2020/06/16 12:0 a.m. · 31 views

Security update for libupnp (moderate)

openSUSE Security Update: Security update for libupnp Announcement ID: openSUSE-SU-2020:0821-1 Rating: moderate References: 1172625 Cross-References: CVE-2020-13848 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update f...

CVSS 7.5 · AI score 7.3 · EPSS 0.03469
Exploits 0 · References 1
ThreatPost
added 2020/06/15 3:36 p.m. · 97 views

'Lamphone' Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are...

AI score 7.2
Exploits 0 · References 9
Positive Technologies
added 2020/06/09 12:0 a.m. · 2 views

PT-2020-2739 · Microsoft · Windows Error Reporting +1

Name of the Vulnerable Software and Affected Versions: Windows Error Reporting affected versions not specified Description: The issue is related to the handling of hard links by the Windows Error Reporting service in Windows operating systems. It allows an attacker to elevate their privileges. To...

CVSS 7.8 · AI score 7.2 · EPSS 0.04417
Exploits 0 · References 6
Microsoft KB
added 2020/06/09 12:0 a.m. · 24 views

Servicing stack update for Windows 10: June 9, 2020

Servicing stack update for Windows 10: June 9, 2020 Applies to Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Summary: This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) makes sure that you...

AI score 6.6
Exploits 0
Malwarebytes
added 2020/06/08 3:31 p.m. · 34 views

Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebytes Labs, about securely working from home (WFH). With shelter-in-pla...

AI score 6.9
Exploits 0
OPENSUSE Linux
added 2020/06/08 12:0 a.m. · 57 views

Security update for axel (moderate)

openSUSE Security Update: Security update for axel Announcement ID: openSUSE-SU-2020:0778-1 Rating: moderate References: 1172159 Cross-References: CVE-2020-13614 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for axel fixes...

CVSS 5.9 · AI score 6.2 · EPSS 0.01928
Exploits 1 · References 1
RedHat Linux
added 2020/05/28 3:58 p.m. · 0 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

CVSS 8.8 · AI score 5.7 · EPSS 0.03089
Exploits 0 · References 4
OSV
added 2020/05/19 4:15 p.m. · 3 views

CVE-2020-10134

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedure...

CVSS 6.3 · AI score 6.9 · EPSS 0.00658
Exploits 0 · References 2