5806 matches found

Tenable Nessus
added 2018/07/13 12:0 a.m. | 49 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3714-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3714-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

CVSS 9.8 | AI score 7.7 | EPSS 0.04919
Exploits: 0 | References: 12

OSV
added 2018/07/12 5:25 p.m. | 2 views

USN-3714-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...

CVSS 9.8 | AI score 6.7 | EPSS 0.04919
Exploits: 0 | References: 12

Ubuntu
added 2018/07/12 5:25 p.m. | 66 views

USN-3714-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...

CVSS 9.8 | AI score 7.3 | EPSS 0.04919
Exploits: 0

RedHat Linux
added 2018/07/11 9:11 p.m. | 1 views

gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification

A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could ha...

CVSS 7.5 | AI score 7 | EPSS 0.01725
Exploits: 0 | References: 5

RedHat Linux
added 2018/07/11 8:52 p.m. | 3 views

gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification

A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could ha...

CVSS 7.5 | AI score 7 | EPSS 0.01725
Exploits: 0 | References: 5

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 42 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2016-2107)

Summary OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...

CVSS 5.9 | AI score 1 | EPSS 0.79963
Exploits: 6 | Affected Software: 2

IBM Security Bulletins
added 2018/07/10 8:34 a.m. | 40 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Rational ClearCase (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Rational ClearCase. Vulnerability Details CVE-ID: CVE-2014-3566 Description: ClearCase could allow a remote attacker to obtain sensitive...

CVSS 4.3 | AI score 1.2 | EPSS 0.93538
Exploits: 5 | Affected Software: 1

CNVD
added 2018/07/10 12:0 a.m. | 1 views

Weak Algorithm Vulnerability in Multiple Huawei Products

Huawei eSpace U1981 and so on are products of Huawei China. eSpace U1981 is a voice gateway product. VP9660 is a multimedia switching platform. A weak cryptographic algorithm vulnerability exists in multiple Huawei products. Exploiting the vulnerability, an unauthenticated remote attacker needs t...

CVSS 5.9 | AI score 5.5 | EPSS 0.00146
Exploits: 0 | References: 1

Tenable Nessus
added 2018/07/09 12:0 a.m. | 32 views

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2018-701)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

CVSS 9.8 | AI score 7.4 | EPSS 0.04919
Exploits: 0 | References: 18

OPENSUSE Linux
added 2018/07/07 12:9 a.m. | 91 views

Security update for Mozilla Thunderbird (moderate)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

AI score 0.5 | EPSS 0.04919
Exploits: 0 | References: 7

OPENSUSE Linux
added 2018/07/07 12:7 a.m. | 85 views

Security update for Mozilla Thunderbird (moderate)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998: - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

AI score 0.5 | EPSS 0.04919
Exploits: 0 | References: 7

CNVD
added 2018/07/04 12:0 a.m. | 1 views

Unspecified Vulnerability in Beckhoff TwinCAT

Beckhoff TwinCAT is a software system consisting of a real-time environment and a real-time system for executing control programs in a development environment for programming, diagnostics and system configuration. A security vulnerability exists in Beckhoff TwinCAT version 3.0, which originates...

CVSS 5.9 | AI score 6.8 | EPSS 0.00056
Exploits: 0 | References: 1

OSV
added 2018/06/29 3:29 p.m. | 1 views

CVE-2018-8902

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. The impacted products used a single shared key encryption model to encrypt data. A user with access to system databases can use the discovered key to access potentially confidential stored data, which may include...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

The Hacker News
added 2018/06/26 5:29 p.m. | 76 views

Free Thanatos Ransomware Decryption Tool Released

If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search is over here. Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible f...

AI score 7.1
Exploits: 0

OSV
added 2018/06/26 4:29 p.m. | 19 views

CVE-2018-1000539

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication tag. This attack appears to be exploitable via network connectivity. Th...

CVSS 5.3 | AI score 5.7
Exploits: 0 | References: 2

UbuntuCve
added 2018/06/26 4:29 p.m. | 19 views

CVE-2018-1000539

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication tag. This attack appears to be exploitable via network connectivity. Th...

CVSS 5.3 | AI score 6 | EPSS 0.0014
Exploits: 0 | References: 3

Cvelist
added 2018/06/26 4:0 p.m. | 11 views

CVE-2018-1000539

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication tag. This attack appears to be exploitable via network connectivity. Th...

AI score 5.2 | EPSS 0.0014
Exploits: 0 | References: 2

Mageia
added 2018/06/19 11:42 p.m. | 44 views

Updated gnupg gnupg2 packages fix a security vulnerability

Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that wou...

CVSS 7.5 | AI score 1.4 | EPSS 0.01725
Exploits: 0 | References: 5

IBM Security Bulletins
added 2018/06/18 1:34 a.m. | 16 views

Security Bulletin: A vulnerability in nettle affects PowerKVM

Summary PowerKVM is affected by a vulnerability in nettle. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-6489 DESCRIPTION: Nettle could allow a remote attacker to obtain sensitive information, caused by a cache-related side channel attack in the RSA and DSA...

CVSS 7.5 | AI score 0.6 | EPSS 0.03437
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:26 a.m. | 33 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Platform Symphony (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in Platform Symphony. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

CVSS 4.3 | EPSS 0.93538
Exploits: 5 | Affected Software: 2