1013 matches found

Schneier on Security
added 2019/08/14 11:18 a.m. | 81 views

Attorney General Barr and Encryption

Last month, Attorney General William Barr gave a major speech on encryption policy, what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it i...

AI score: 7
Exploits: 0

CVE
added 2019/08/12 10:31 p.m. | 64 views

CVE-2019-14359

CVE-2019-14359 describes a side-channel on BC Vault devices where the power usage per row of the SSD1309 OLED display leaks information about the number of illuminated pixels. The practical impact is limited: an attacker would need control over the device’s USB connection to measure power while s...

CVSS: 2.4 | AI score: 3.5 | EPSS: 0.00058
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/08/12 12:0 a.m. | 30 views

RHEL 7 : mercurial (RHSA-2019:2276)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2276 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Securi...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.0125
Exploits: 0 | References: 10

RedHat Linux
added 2019/08/06 1:27 p.m. | 32 views

Moderate: Red Hat Security Advisory: mercurial security update

An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.0125
Exploits: 0 | References: 5

NVD
added 2019/07/25 5:15 p.m. | 14 views

CVE-2019-2254

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615,...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00286
Exploits: 0 | References: 1

Prion
added 2019/07/25 5:15 p.m. | 20 views

Design/Logic Flaw

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615,...

CVSS: 7.5 | AI score: 9.1 | EPSS: 0.00286
Exploits: 0 | References: 1

Cvelist
added 2019/07/25 4:33 p.m. | 17 views

CVE-2019-2254

Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615,...

AI score: 9.3 | EPSS: 0.00286
Exploits: 0 | References: 1

CVE
added 2019/07/25 4:33 p.m. | 51 views

CVE-2019-2254

CVE-2019-2254 affects Qualcomm Snapdragon platforms (multiple Snapdragon Auto/Compute/IoT/Mobile lines, including various SD/SDM/RH-series) where position-determination accuracy can be degraded due to wrongly decoded information. The root cause is not explicitly detailed beyond the decoding error...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.00286
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/07/02 12:0 a.m. | 34 views

F5 Networks BIG-IP : SNMP vulnerability (K40443301)

SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. CVE-2019-6640 Impact An attacker with direct SNMP access to a BIG-IP system, or an attacker with a privileged...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00127
Exploits: 0 | References: 2

ATTACKERKB
added 2019/07/01 2:15 p.m. | 2 views

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00169
Exploits: 1 | References: 2

NVD
added 2019/06/27 5:15 p.m. | 16 views

CVE-2018-17478

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00356
Exploits: 0 | References: 2

OSV
added 2019/06/27 5:15 p.m. | 2 views

UBUNTU-CVE-2018-17478

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00356
Exploits: 0 | References: 2

Prion
added 2019/06/27 5:15 p.m. | 22 views

Design/Logic Flaw

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS: 6.8 | AI score: 8.3 | EPSS: 0.00356
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/06/27 4:13 p.m. | 125 views

CVE-2018-17478

CVE-2018-17478 is a V8-related vulnerability in Chromium/Google Chrome prior to version 70.0.3538.102, caused by an out-of-bounds memory access that could lead to object corruption. Reports across multiple security advisories indicate the issue was fixed by upgrading Chromium to 70.0.3538.102 (e....

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00356
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2019/06/27 4:13 p.m. | 25 views

CVE-2018-17478

Removed by vendor...

CVSS: 8.8 | AI score: 9.3 | EPSS: 0.00356
Exploits: 0

Cvelist
added 2019/06/27 4:13 p.m. | 15 views

CVE-2018-17478

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

AI score: 8.3 | EPSS: 0.00356
Exploits: 0 | References: 2

UbuntuCve
added 2019/06/20 12:15 a.m. | 36 views

CVE-2019-12904

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

CVSS: 5.9 | AI score: 6.8 | EPSS: 0.00285
Exploits: 0 | References: 1

OSV
added 2019/06/12 2:29 p.m. | 2 views

CVE-2019-6584

A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 1

Prion
added 2019/06/12 2:29 p.m. | 16 views

Privilege escalation

A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...

CVSS: 2.6 | AI score: 5.7 | EPSS: 0.00296
Exploits: 0 | References: 3

Cvelist
added 2019/06/12 1:47 p.m. | 17 views

CVE-2019-6584

A vulnerability has been identified in SIEMENS LOGO!8 6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx, SIEMENS LOGO!8 6ED1052-xyy08-0BA0 FS:01 / Firmware version V1.82.02. The integrated webserver does not invalidate the Session ID upon user logout. An attacker that...

AI score: 8.2 | EPSS: 0.0042
Exploits: 0 | References: 1