
2015 matches found

Tenable Nessus
added 2020/03/06 12:0 a.m., 14 views

Fedora 31 : opensmtpd (2020-283dc7f094)

Release 6.6.4p1 (2020-02-24): An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2020/03/06 12:0 a.m., 14 views

Fedora 30 : opensmtpd (2020-31216ab928)

Release 6.6.4p1 (2020-02-24): An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8 AI score
Exploits: 0, References: 1
ThreatPost
added 2020/03/05 11:29 a.m., 68 views

Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates

Let’s Encrypt said it will give users of its Transport Layer Security (TLS) certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization (CAA) bug before it revokes them. The popular free certificate authority had giv...

7.2 AI score
Exploits: 0, References: 7
Schneier on Security
added 2020/03/04 12:46 p.m., 63 views

Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...

0.2 AI score
Exploits: 0
The Hacker News
added 2020/03/04 10:54 a.m., 1 view

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...

5.8 AI score
Exploits: 0
ThreatPost
added 2020/03/03 8:13 p.m., 55 views

Let's Encrypt to Revoke Millions of TLS Certs

UPDATE: Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security (TLS) certificates Wednesday, because of a Certificate Authority Authorization (CAA) bug. The move could mean that millions of websites and machine identities that rely on those certificates...

7.2 AI score
Exploits: 0, References: 7
Hacker One
added 2020/02/13 9:46 p.m., 18 views

Kubernetes: Github test clientID and clientSecret leaked

Report Submission Form. Summary: A github clientID and clientSecret for an oauth app are being leaked on github. Description: While looking for anything that is interesting on github I found a clientID and clientSecret for a github oauth app hardcoded. While they have been removed a long time ago, they ar...

0.3 AI score
Exploits: 0
Veracode
added 2020/02/04 6:14 a.m., 17 views

Insecure Session Management

github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token...

1.9 AI score
Exploits: 0
NVD
added 2020/01/15 2:15 p.m., 11 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

5.9 CVSS, 5.7 AI score, 0.00204 EPSS
Exploits: 0, References: 2
Prion
added 2020/01/15 2:15 p.m., 9 views

Code injection

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

4.3 CVSS, 7.1 AI score, 0.00204 EPSS
Exploits: 0, References: 2
Cvelist
added 2020/01/15 1:11 p.m., 21 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

5.7 AI score, 0.00204 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2020/01/15 1:11 p.m., 8 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

6.9 AI score, 0.00204 EPSS
Exploits: 0, References: 2
CVE
added 2020/01/15 1:11 p.m., 34 views

CVE-2012-1316

CVE-2012-1316 affects the Cisco IronPort Web Security Appliance, where the product does not check for certificate revocation, potentially enabling MITM attacks. The linked sources show an impact on integrity (CVSS3.1: HIGH) with network exposure (CVSS3.1: AV:N, AC:H, PR:N, UI:N, S:U) and a CVSSv2...

5.9 CVSS, 5.7 AI score, 0.00204 EPSS
Exploits: 0, References: 2, Affected Software: 1
ThreatPost
added 2020/01/06 9:48 p.m., 98 views

ToTok Returned to Google Play Despite ‘Spy Tool’ Claims

Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. ToTok, a social app that was released in 2019 and has been downloaded by millions, gained rapid popularity in the United Ar...

6.9 AI score
Exploits: 0, References: 9
Hacker One
added 2019/12/25 9:2 p.m., 26 views

BCM Messenger: Account Takeover with old password and login QR

BCM servers don't store users' passwords, and the private keys are stored locally. If you change the password, the data in the old QR code will not be revoked. Please read the warnings during registration and backup, and protect your account credentials. Thank you! When someone wants to log into...

2.3 AI score
Exploits: 0
OSV
added 2019/12/19 1:15 a.m., 1 view

CVE-2019-15006

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5 CVSS, 6.5 AI score, 0.0764 EPSS
Exploits: 0, References: 5
Prion
added 2019/12/19 1:15 a.m., 17 views

Information disclosure

There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

5.8 CVSS, 6.3 AI score, 0.0764 EPSS
Exploits: 0, References: 5, Affected Software: 2
CVE
added 2019/12/19 12:50 a.m., 135 views

CVE-2019-15006

CVE-2019-15006 describes a MITM vulnerability in the Confluence Previews plugin used to communicate with the Atlassian Companion app via the atlassian-domain-for-localhost-connections-only.com hostname (DNS to 127.0.0.1). An attacker controlling DNS could observe or modify edited files; the certi...

6.5 CVSS, 6.2 AI score, 0.0764 EPSS
Exploits: 0, References: 5, Affected Software: 2
CNVD
added 2019/12/18 12:0 a.m., 3 views

Puppet Agent Trust Management Issue Vulnerability

Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the U.S. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Agent is a Puppet agent end program. A security vulnerability exists in...

5.4 CVSS, 8.7 AI score, 0.00223 EPSS
Exploits: 0, References: 1
CNVD
added 2019/12/03 12:0 a.m., 2 views

Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)

Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...

8.8 CVSS, 7 AI score, 0.00328 EPSS
Exploits: 0, References: 1