End of support for Office 2010

End of support for Office 2010 Support for Office 2010 ended on October 13, 2020 and there will be no extension and no extended security updates.Buy or try Microsoft 365 Tip: Not sure what version of Office you have? See Find details for other versions of Office to help you determine what version...

MS15-081: Description of the security update for Word 2013: August 11, 2015

Resolves vulnerabilities in Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office...

CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVE-2019-12527

A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow...

Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East

A malware campaign that shares no known similarities to previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed “WildPressure,” the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code. According to...

openSUSE: Security Advisory for texlive-filesystem (openSUSE-SU-2020:0368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-16067

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication...

CVE-2019-10225

A flaw was found in atomic-openshift where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Design/Logic Flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

Authentication flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2019-13393

Affected product: Voo-branded NETGEAR CG3700b with custom firmware V2.02.03. Issue: same default 8-character passphrase used for both the administrative console and the WPA2 pre-shared key. Root cause: credential reuse enables exposure of management/admin access and wireless PSK. Exploitation pat...

CVE-2019-13393

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase...

CVE-2019-13394

The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...

CVE-2019-13394

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...

CVE-2020-10376

CVE-2020-10376 affects Technicolor TC7337NET devices (version 08.89.17.23.03). The issue enables remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. This reflects a credential disclosure vulnerability exposed over network traffic. No remediati...

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...