EulerOS Virtualization 2.5.1 : gnupg2 (EulerOS-SA-2018-1324)

According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20181025)

This update upgrades Firefox to version 60.3.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 CVE-2018-12390 - Mozilla: Crash with nested event loops CVE-2018-12392 - Mozilla: Integer overflow during Unicode conversion while loading JavaScript...

Shellcode-Encrypter-Decrypter - Shellcode Encrypter & Decrypter By Using XOR Cipher To Encrypt And Decrypt Shellcode

A Shellcode Encrypter & Decrypter, Using XOR Cipher to enc and dec shellcode. Installation git clone https://github.com/blacknbunny/Shellcode-Encrypter-Decrypter.git && python enc.py --help Usage Example Encryption: python encdecshellcode.py --shellcode \x41\x41\x42\x42 --key SECRETKEY --option...

Security Bulletin: IBM RackSwitch firmware products are affected by information disclosure vulnerability (CVE-2014-8730)

Summary IBM RackSwitch firmware products listed below have addressed the following TLS padding information disclosure vulnerability. Vulnerability Details CVEID: CVE-2014-8730 DESCRIPTION: Multiple F5 products could allow a remote attacker to obtain sensitive information, caused by the failure to...

A week in security (October 15 – 21)

Last week on Malwarebytes Labs, we went over how to build your own motion-activated security camera, wondered whether FIDO is the future instrument to replace passwords and usernames, informed you about information operations on Twitter, and released our Q3 Malwarebytes Labs Cybercrime Tactics an...

Design/Logic Flaw

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

Design/Logic Flaw

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

CVE-2018-12372

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

CVE-2018-12373

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

CVE-2018-12372

CVE-2018-12372 affects Mozilla Thunderbird. Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext in HTML reply/forward messages. Public documentation lists affected product: Thunderbird prior to 52.9. Root cause described across connected sources as leakage of S...

Ivanti Workspace Control and RES One Workspace Information Disclosure Vulnerability

Ivanti Workspace Control formerly known as RES One Workspace is a set of workspace control software from the American company Ivanti. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control...

Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

GHSA-8336-MXP6-V5H9 Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

CVE-2018-0434

A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected...

CVE-2018-12087

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

Authorization

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

CVE-2018-12087

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

CVE-2018-12087

OPC Foundation UA Client Applications are affected by CVE-2018-12087 due to failure to validate certificates in communications without security. This allows an attacker who controls a segment of the network infrastructure to decrypt passwords, indicating a confidentiality impact. The vulnerabilit...