Mozilla: Out-of-bounds read when processing certain email messages

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents CVE-2020-6792. When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...

Security Vulnerabilities fixed in Thunderbird 68.5 — Mozilla

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stor...

Nextcloud: Improper confidentiality protection of server-side encryption keys

This vulnerability is related to the Improper integrity protection of server-side encryption keys vulnerability but leverages a different attack vector. While the previous attack broke the confidentiality of encrypted files because the public keys are not integrity-protected, this new attack brea...

The vulnerability in the web interface for controlling Cisco Registered Envelope Service allows a attacker to perform XSS attacks.

The vulnerability in the web interface for managing Cisco Registered Envelope Service security information exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the web interface of the Cisco Registered Envelope Service allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to the protected information.

The vulnerability of the Cisco Registered Envelope Service RES web interface lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain unauthorized access to protected informati...

CVE-2019-1777

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2019-1777

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

Cross site scripting

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2019-1777 Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2019-1777

CVE-2019-1777 concerns the Cisco Registered Envelope Service web interface, where insufficient input validation enables an authenticated, remote attacker to perform a cross-site scripting (XSS) attack on another user. Exploitation involves sending a malicious payload via email to a target user, p...

CVE-2019-1777 Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the...

PT-2019-2130 · Cisco · Cisco Registered Envelope Service

Name of the Vulnerable Software and Affected Versions: Cisco Registered Envelope Service versions 5.3.4.x Description: The issue is related to insufficient validation of user-supplied input by the web-based interface, allowing an attacker to conduct a cross-site scripting XSS attack. This could...

The vulnerability of user management functions of the Cisco Registered Envelope Service allows attackers to disclose the protected information.

The vulnerability of the user management functions of the Cisco Registered Envelope Service CRES is related to deficiencies in indexing mechanisms. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...

CVE-2018-15448

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

Spoofing

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

CVE-2018-15448 Cisco Registered Envelope Service Information Disclosure Vulnerability

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecu...

Cisco Registered Envelope Service Information Disclosure Vulnerability

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. An information disclosure vulnerability exists in the user management functionali...

Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are full...