3370 matches found
`array!` macro is unsound in presence of traits that implement methods it calls internally
Affected versions of this crate called some methods using auto-ref. The affected code looked like this: `let mut arr = $crate::core::mem::MaybeUninit::uninit(); let mut vec = $crate::ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T);` In this case, the problem is that `as_mut_ptr` is a method of `&mut MaybeUninit`...
Parsec - Secure Cloud Framework
Homepage: https://parsec.cloud Documentation: https://parsec-cloud.readthedocs.org. Parsec is free software (AGPL v3) that aims to make it easy to share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on your computer. You can access an...
Security update for bouncycastle (moderate)
openSUSE Security Update: Security update for bouncycastle Announcement ID: openSUSE-SU-2020:0607-1 Rating: moderate References: 1072697 1100694 Cross-References: CVE-2017-13098 CVE-2018-1000613 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available...
Runtime Mobile Security (RMS) - A Powerful Web Interface That Helps You To Manipulate Android Java Classes And Methods At Runtime
Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime. You can easily dump all the loaded classes and relative methods, hook everything on the fly, trace methods args and return value, load custom scrip...
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...
DEBIAN-CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...
UBUNTU-CVE-2020-10663
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...
Security update for cups (important)
openSUSE Security Update: Security update for cups Announcement ID: openSUSE-SU-2020:0555-1 Rating: important References: 1168422 Cross-References: CVE-2020-3898 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for cups fixes...
The passwordless present: Will biometrics replace passwords forever?
When it comes to securing your sensitive, personally identifiable information against criminals who can engineer countless ways to snatch it from under your nose, experts have long recommended the use of strong, complex passwords. Using long passphrases with combinations of numbers, letters, and...
QRadar Community Edition 7.3.1.6 Path Traversal
QRadar session manager path traversal vulnerability. Yorick Koster, September 2019...
PowerShell-Suite
This is an exploit module/toolkit targeting Windows UAC (User Account Control) bypass. The module, named "Bypass-UAC," provides a framework for performing UAC bypasses based on auto-elevating IFileOperation COM object method calls. It implements a function that rewrites PowerShell's PEB Process...
Security update for gnuhealth (moderate)
openSUSE Security Update: Security update for gnuhealth Announcement ID: openSUSE-SU-2020:0534-1 Rating: moderate References: 1167126 1167128 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for gnuhealth fixes...
Security update for gstreamer-rtsp-server (moderate)
openSUSE Security Update: Security update for gstreamer-rtsp-server Announcement ID: openSUSE-SU-2020:0535-1 Rating: moderate References: 1168026 Cross-References: CVE-2020-6095 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now...
MS16-107: Description of the security update for Word Automation Services on SharePoint Server 2013: September 13, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...
Security update for permissions (moderate)
openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2020:0511-1 Rating: moderate References: 1168364 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for permissions fixes the following...
Arbitrary Code Execution
httpha-invoker is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using...
Denial Of Service (DoS)
kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets RDS...
PT-2020-6938 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: jQuery versions 2.2.0 through 3.5.0 Description: The issue is related to Cross Site Scripting vulnerability, which allows a remote attacker to execute arbitrary code via the element. Passing HTML containing elements from untrusted sources to...
October 2016 Preview of Monthly Quality Rollup for Windows Server 2012
The October 2016 Preview of Monthly Quality Rollup includes improvements and fixes for the Windows Server 2012 platform. We recommend that you apply this quality rollup as part of your regular maintenance routines. Improvement...
Update to support the new currency symbol for the Russian ruble in Windows
About this update: After you apply this update, the new Russian ruble symbol can be input by using the physical keyboard, Windows on-screen keyboard (osk.exe), or Tablet PC Input Panel (Tabtip.exe) in Windows 8.1, Windows RT 8....