grapheneX - Automated System Hardening Framework

grapheneX In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically...

March 12, 2019—KB4489891 (Monthly Rollup)

March 12, 2019—KB4489891 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4487024 released February 19, 2019 and addresses the following issues: Addresses an issue that may prevent the Event Viewer from showing some event...

March 12, 2019—KB4489883 (Security-only update)

March 12, 2019—KB4489883 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes the abbreviated Japanese Era names to be incorrect. Fo...

March 12, 2019—KB4489881 (Monthly Rollup)

March 12, 2019—KB4489881 Monthly Rollup Applications that do not have a manifest that indicates the correct Windows version of 6.3 may receive the scripting error, “Intl is not available”. Ensure that the applications have a manifest with the appropriate Windows version. For more information, see...

February 12, 2019—KB4486993 (Security-only update)

February 12, 2019—KB4486993 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent applications that use a Microsoft Jet database...

February 12, 2019—KB4487028 (Security-only update)

February 12, 2019—KB4487028 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may prevent applications that use a Microsoft Jet database...

CVE-2019-7659

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service application abort or possibly have unspecified other impact if a server application is built with the -DWITHCOOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librarie...

Code injection

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service application abort or possibly have unspecified other impact if a server application is built with the -DWITHCOOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librarie...

CVE-2019-7659

Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service application abort or possibly have unspecified other impact if a server application is built with the -DWITHCOOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ librarie...

SolarWinds Server & Application Monitor (SAM) Detection (Windows SMB Login)

SMB login-based detection of SolarWinds Server & Application Monitor SAM. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 ...)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Transfer Cluster Manager, IBM Aspera Faspex on Demand, IBM Aspera Server on Demand, IBM Aspera Application on Demand, and IBM Aspera Azure on Demand. IBM Aspera Transf...

Microsoft Windows 10: Enable computer and user accounts to be trusted for delegation

This policy setting determines which users can set the Trusted for Delegation setting on a user or computer object. Security account delegation provides the ability to connect to multiple servers, and each server change retains the authentication credentials of the original client. Delegation of...

CVE-2018-1272

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application server A receives input from a remote client, and then uses that input to make a...

Http.sys Information Disclosure Vulnerability

An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system. A remote...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

CVE-2017-7507

CVE-2017-7507 affects GnuTLS 3.5.12 and earlier, which are vulnerable to a NULL pointer dereference when decoding a status_request extension in ClientHello, potentially crashing the server. Several connected advisories confirm the issue and provide remediation: upgrade to GnuTLS 3.5.13 or newer (...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...

CVE-2017-7507

GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application...