Intuit Quicken Deluxe 2018 for Mac Password Protection Authentication Bypass Vulnerability

Summary An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data withou...

Security update for unzip (moderate)

This update for unzip fixes the following security issues: - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption bsc1013993 - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to...

Security Bulletin: Multiple security vulnerabilities in GSKit used by Edge Caching proxy of WebSphere Application Server

Summary There are multiple security vulnerabilities in the GSKit used by Edge Caching proxy of WebSphere Application Server. This is a separate install from WebSphere Application Server. You only need to apply this if you use the Edge Caching Proxy. Vulnerability Details CVEID: CVE-2018-1447...

IC3 Issues Alert on RDP Exploitation

The Internet Crime Complaint Center IC3, in collaboration with DHS and the Federal Bureau of Investigation, has released an alert on cyber threat actors maliciously using legitimate remote administration tools, such as Remote Desktop Protocol RDP. Threat actors identify and exploit vulnerable RDP...

Chaturbate: Password protected rooms total number of viewers disclosure to unauthorized members

Summary Password protected rooms are supposed to be completely private, no information should be exposed if you do not have the room's password, and the UI looks like this. F348826 However, through the following endpoint, It is possible to know the total number of viewers of the room even if it i...

Security Bulletin:A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products (CVE-2018-1447)

Summary A vulnerability in GSKit and GSKit-Crypto affects IBM Performance Management products. The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change passwor...

Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability.

Summary IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z have addressed the following vulnerability: CVE-2018-1447 GSKit and GSKit-Crypto Security Advisory December 201...

Design/Logic Flaw

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...

CVE-2018-14608

Thomson Reuters UltraTax CS 2017 for Windows is affected by CVE-2018-14608. The vulnerability stems from storing customer data in plaintext in unique directories under %install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17, which can be bypassed without authentication by inspecting the strings i...

Security Bulletin: Vulnerability in IBM GSKit affect IBM Personal Communications

Summary GSKit is an IBM component that is used by IBM Personal Communications. GSKit that is shipped with IBM Personal Communications contains security vulnerability. IBM Personal Communications has addressed the same. Vulnerability Details CVEID: CVE-2018-1447 DESCRIPTION: The GSKit CMS KDB logi...

USN-3724-1: Evolution Data Server vulnerability

Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...

PT-2018-12614 · Thomson Reuters · Thomson Reuters Ultratax Cs

Name of the Vulnerable Software and Affected Versions: Thomson Reuters UltraTax CS version 2017 Description: The software has a password protection option, but the level of protection may not meet some customers' expectations because the data is stored in cleartext. Customer data is stored in...

Design/Logic Flaw

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...

CVE-2017-3217

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS text message interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the...

Microsoft Windows: Password protect the screen saver

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winpasswdscreensaver.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Password protect the screen saver users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Security Bulletin: Vulnerabilities in GSKit and GSKit-Crypto affect IBM InfoSphere Information Server

Summary Vulnerabilities in GSKit and GSKit-Crypto were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Tivoli Storage Manager FastBack

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Tivoli Storage Manager FastBack. IBM Tivoli Storage Manager FastBack has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...

Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V

Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for Hyper-V. IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V has addressed the applicable CVEs...