430 matches found
Updated perl-DBD-mysql packages fix security vulnerabilities
Updated perl-DBD-mysql package fixes security vulnerabilities: The DBD::mysql Perl module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering certain error responses from a MySQL...
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
Spectre and Meltdown fixes for Intel chips announced in March, to be embedded into new CPUs, do not address the newly disclosed Variant 4, sources said. Intel introduced hardware-based safeguards to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry...
Vaultize Enterprise File Sharing Cross-Site Scripting Vulnerability
Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A cross-site scripting vulnerability exists in Vaultize Enterprise...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
PT-2018-9752 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31. Description: An issue was discovered that allows for Stored XSS via the optional message field of a file request. Recommendations: For Vaultize Enterprise File Sharing version 17.05.31, consid...
Peanalyzer - Advanced Portable Executable File Analyzer And Disassembler
Advanced Portable Executable File Analyzer. Python 3.6.4: tested, working. Usage: python pyanalyzer.py --file file.exe --show all; python pyanalyzer.py --file file.exe --disassemble all. Video. Dos Header, File Header, Optional Header, Section Headers...
CVE-2018-4910
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...
Heap overflow
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...
SUSE-SU-2018:0385-1 Security update for libvirt
This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS (bsc1076500). These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen's...
IDAsec - IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform
IDA plugin for reverse-engineering and dynamic interactions with the Binsec platform. Features: decoding an instruction in DBA IR; loading execution traces generated by Pinsec; triggering analyses on Binsec and retrieving results. Dependencies: protobuf, ZMQ, capstone for trace disassembly, graphviz to dr...
November 27, 2017—KB4051034 (Preview of Monthly Rollup)
November 27, 2017—KB4051034 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4048957 (released November 14, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addressed...
Lynis 2.5.5 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...
ALPINE-CVE-2017-14032
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL...
DEBIAN-CVE-2017-14032
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL...
PT-2017-13212
Name of the Vulnerable Software and Affected Versions: mbed TLS versions prior to 1.3.21; mbed TLS versions 2.x prior to 2.1.9. Description: The issue allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates, but only if optional authentication is...
DirectDefense Incorrectly Asserts Architectural Flaw in Cb Response
Today, a blog was released that incorrectly asserts an architectural flaw in Cb Response that leaks customer data. In fact, this is an optional feature turned off by default to allow customers to share information with external sources for additional ability to detect threats. Cloud-based,...
Dracnmap v2.2 - Exploit Network and Gathering Information with Nmap
Dracnmap is an open source program which is used to exploit the network and gather information with the help of nmap. The nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scanning with the...
May 16, 2017—KB4019265 (Preview of Monthly Rollup)
May 16, 2017—KB4019265 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4019264 (released May 9, 2017) and also includes this new quality improvement as a preview of the next Monthly Rollup update: Address...
April 18, 2017—KB4015552 (Preview of Monthly Rollup)
April 18, 2017—KB4015552 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4015549 (released April 11, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update:...
Default credentials
DISPUTED Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor...