Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1266)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1266)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. (CVE-2019-6778) - A flaw was found in QEMU's...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform (GCP), for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
Secure Mail on iOS opens for about 5 seconds then crashes
When Secure Mail opens, all looks OK; after about 5 seconds the app crashes. This happens for just one user, regardless of iOS device...
SUSE-SU-2020:14291-1 Security update for openssl1
This update for openssl1 fixes the following issues: - Add missing commits fixing the security issue called 'The 9 Lives of Bleichenbacher's CAT'. (bsc#1117951) - Fix a memory problem in 'BN_copy'. (bsc#1160163)...
File type association for Microsoft Edge browser broken after Edge upgrade
File type association no longer works for Microsoft Edge after upgrading the built-in default instance of Microsoft Edge included in your particular version of the Windows 10 operating system to a more recent version...
UPM doesn't work randomly after VDA is rebooted
Intermittently, the UPM profile does not load if the user logs in immediately after the reboot...
FreeBSD : grub2-bhyve -- multiple privilege escalations (9d6a48a7-4dad-11ea-8a1d-7085c25400ea)
Reno Robert reports: FreeBSD uses a two-process model for running a VM. For booting non-FreeBSD guests, a modified grub-emu is used (grub-bhyve). Grub-bhyve executes commands from the guest grub.cfg file. This is a security problem because grub was never written to handle inputs from OS as untrusted. I...
Wacom Tablet Data Exfiltration Raises Security Concerns
The Wacom digital drawing tablet appears to be silently exfiltrating user data, according to an investigation by software engineer Robert Heaton – and the company responded on Friday, downplaying the report. However, security researchers say the tablets still pose a risk and a privacy problem...
CVE-2019-19527
A vulnerability was found in hiddev_open in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddev_list cleanup occurs at failure, as this may lead to a use-after-free...
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2019-2352)
The remote host is missing an update for the Huawei EulerOS...
SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2020:0099-1)
This update for openssl-1_1 fixes the following issues: Security issue fixed: CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transporte...
CVE-2015-3150
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method...
Nord Security: Password Reset Link Works Multiple Times
Background: Normally, a secure way to handle password reset links is to invalidate the link/token upon usage. Additionally, if multiple reset links are requested, older & unused tokens should also be invalidated, i.e., if 2 reset tokens were requested, the 2nd token should be invalid upon your usa...
Published app sessions not ending due to WEM UI agent appearing in the system tray
In configuration sets where the WEM UI agent is configured to launch for both server desktop and app sessions, published app sessions remain connected after closing the published app. Checking the Connection Center in Citrix Receiver, the WEM agent icon is listed as the only connection back to th...
Issue: Unable to create a new vDisk
Error: BSOD error "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED CVhdMp.sys". The error appears while booting the target device from network during the imaging process. Issue on Windows 10 1709 vDisks...
MGASA-2020-0019 Updated freeimage packages fix security vulnerabilities
The updated packages fix security vulnerabilities: When FreeImage 3.18.0 reads a TIFF file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow...
License Server does not recognize license file
Installed licenses not showing up on the License Administration Console or Licensing Manager...
5 Reasons Why Programmers Should Think like Hackers
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It's a meticulous process that cannot be completed without going through all the essential points. In all of these,...
Password field not displayed for published apps in Windows Server 2019
When publishing any O365 app such as Excel or Word, users are prompted to authenticate to Office 365 to activate the app. The password field is not rendered when the app is published, so users can never authenticate. This also occurs with RDP initial app. Microsoft has reproduced the issue with using...