ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

Easy WP SMTP v1. 3. 9）0 day vulnerability is being attacked in the process and reproducibility-vulnerability warning-the black bar safety net

Foreword Your own blog site with wordpres hosting, last month found some abnormalities. 3.12 days, the mailbox explosion, received more than 100 letter on the site is the blasting of the notification mail. ! Day to see also not strange, because before it appeared such a situation, every day there...

Published Applications or Desktops Do not Launch or Disappear during Launch

Published Applications or Desktops don’t launch, or disappear during launch. There are no errors presented to the user, and nothing in the Event Log of the XenApp server or VDA hosting the application. The issue can present2 different symptoms: The application appears to launch then...

Code injection

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device...

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device...

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device...

CVE-2019-11538

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device...

SUSE-SU-2019:0888-2 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2018-17199: A bug in Apache's 'modsessioncookie' lead to an issue where the module did not respect a cookie's expiry time. bsc1122839 CVE-2019-0220: The Apache HTTP server did not use a consistent strategy for URL normalization throughout...

[Citrix Receiver 4.9.5000 for Windows] - Display Issues when user re-docks their Notebook on the docking station and reconnecting to Citrix Session with Multiple Monitors

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information Scenario : Users using notebooks and working with full screen sessions without desktop viewer to access...

[Workspace App for Windows] - Display Issues when user re-docks their Notebook on the docking station and reconnecting to Citrix Session with Multiple Monitors

Scenario : Users using notebooks and working with full screen sessions without desktop viewer to access their Citrix session, aka mobile thin client. The users usually have a docking station and two identical monitors at their workplace. When these users come back from a meeting and re-dock into...

D-Link DIR-825 Information Disclosure Vulnerability

D-Link DIR-825 devices are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2019-0072 Updated dovecot packages fix security vulnerability

CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field sslcertusernamefield, under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing...

Cannot create App Layering image for MCS in Azure, hangs during Windows Setup.

To deploy an MCS image to Azure, you decide to use the Azure connector in App Layering. This produces a virtual disk that is primed to run through Windows Setup. You attach it to a VM, power it on, and find that Windows Setup never completes. If you look at the console screen shot in the debuggin...

App Layering 4.10 - Duplicate-computers-in-the-Sophos console

PROBLEM DESCRIPTION: Duplicate computers in the Sophos console Attaching screenshots of the behavior:...

Cannot connect to company network" when accessing O365 accounts

Citrix documentation indicates Secure Mail is supposed to support an MS hosted O365 back end account but user is unable to get a known good O365 account to function with Secure Mail. That same account works fine either via the web or via the Mobile Outlook App but I cannot get it to connect when...

CVE-2019-6455

An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function recmsetelemdestroy in the file rec-mset.c...

CVE-2019-6461

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function cairoarcindirection in the file cairo-arc.c...

CVE-2019-6455

An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function recmsetelemdestroy in the file rec-mset.c...

CVE-2019-6461

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function cairoarcindirection in the file cairo-arc.c...

CVE-2019-6461

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function cairoarcindirection in the file cairo-arc.c...