FreeBSD : pngcheck -- Buffer-overrun vulnerability (13ca36b8-6141-11eb-8a36-7085c2fb2c14)

The libpng project reports : pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used. Both bugs are fixed in version 3.0.1, released on 24 January 2021...

pngcheck -- Buffer-overrun vulnerability

The libpng project reports: pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used. Both bugs are fixed in version 3.0.1, released on 24 January 2021...

Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 - TLS Handshake fails with "Unknown CA"

After upgrading ADM to latest build 13.0-71.40 External Authentication fails when LDAP Server is configured using Security type SSL and TLS. When retrieving Attributes on LDAP Server config from ADM GUI throw this error :: "LDAP IP Address or Port Number provided is invalid." Network trace shows...

Common issues when trying to access Citrix Cloud Admin Portal

When trying to access the Citrix cloud portal as an administrator you may encounter issues if the account has not been properly onboarded or configured. Symptoms "Unable to process your request" on Citrix Cloud Portal Display of FAKE FAKE under orgID after login Receiving "Sorry, that link isn't...

PT-2021-03: Apple Pay authentication and fields validation issues

Apple allows payments using Transport Card for amount0.00, without implementing proper authentication to ensure that only dedicated transport terminals were used for paying on locked or uncharged iPhones. Advisory status: October, 2021 - Vendor notification date Credits: Timur Yunusov...

OPENSUSE-SU-2020:1929-1 Security update for chromium

This update for chromium fixes the following issues: Update to 86.0.4240.198 boo1178703 - CVE-2020-16013: Inappropriate implementation in V8 - CVE-2020-16017: Use after free in site isolation Update to 86.0.4240.193 boo1178630 - CVE-2020-16016: Inappropriate implementation in base...

StressPrinters

Please note: You can download the required file from the Citrix downloads website by visiting the following link:https://www.citrix.com/downloads/citrix-tools StressPrinters Version 1.3.2 Created date: 03/30/2006 Modified date: 6/19/2013 Description Many printer driver problems in Terminal...

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context o...

Error: "Socket Operation on Non-Socket" and "Error 1030" When Launching Apps and Desktop Through NetScaler Gateway

1030 error when launching apps and desktop through NetScaler Gateway. Error "Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Socket operation on non-socket" when launching apps through NetScaler Gateway...

Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme

h3. Issue Summary For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the Permission change, Project Administrators, that should not have access to change the...

A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis

Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let's face it, finding evil in application...

Seny Kamara on "Crypto for the People"

Seny Kamara gave an excellent keynote talk this year at the online CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of crypto problems for governments and corporations. Well worth watching and listening to...

Elastic layers are disconnected and not accessible in session host

Environment before 20.52005 observed theElastic layers were disconnected on the VDA abruptly and were not available for exiting user connections or for new users.. The below errors are seen though the layers had been attached by a prior domain user. --ulayersvc.log-- 2020-03-23 13:23:02,140 WARN...

SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)

This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...

openSUSE Security Update : singularity (openSUSE-2020-1011)

This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

OPENSUSE-SU-2020:0709-1 Security update for opera

This update for opera fixes the following issues: Opera was updated to version 68.0.3618.104 - CHR-7909 Update chromium on desktop-stable-81-3618 to 81.0.4044.138 - CVE-2020-6831, CVE-2020-6464 - DNA-85609 Mac Tabs shrinking & disappearing - DNA-85629 Crash at...

HackerOne: Subdomain takeover of resources.hackerone.com

Hello, I just went to https://resources.hackerone.com/ and it shows an error "Non-hub domain, The URL you've accessed does not provide a hub. Please check the URL and try again." also i've checked the CNAME is poiting to read.uberflip.com which means if it is not added it can be added to any...

Timezone on Clients Running Windows 10 Changes in Citrix VDI from US-EDT to "Caracas" time

Current Timezone is UTC - 05:00 US & Canada - When end users log into a Citrix VDI Windows 7 desktop using a Windows 10 client/host the timezone switches to UTC - 04:00 Caracas. This causes problem with Calendar appointments getting booked in the wrong time zone and being 1/2 hour behind. If we...

Issues that are fixed in System Center 2012 R2 Operations Manager Update Rollup 1

Issues that are fixed in System Center 2012 R2 Operations Manager Update Rollup 1 Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center 2012 R2 Operations Manager. Additionally, this article contains the installation instructions for Update...

System Center 2012 Operations Manager SP1 Update Rollup 5

System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...