5432 matches found

OSV
added 2019/03/04 11:29 p.m. | 3 views

CVE-2018-5482

NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel...

5.3 CVSS | 5.8 AI score | 0.00142 EPSS
Exploits: 0 | References: 2

Android Security Bulletins
added 2019/03/04 12:00 a.m. | 7 views

Pixel Update Bulletin—March 2019

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel devices (Google devices). For Google devices, security patch levels of 2019-03-05 or later address all issues in this bulletin and all issues in the March 2019 Android...

7.8 AI score
Exploits: 0

Schneier on Security
added 2019/03/01 11:59 a.m. | 95 views

Data Leakage from Encrypted Databases

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it...

2 AI score
Exploits: 0

Tenable Nessus
added 2019/02/26 12:00 a.m. | 75 views

F5 Networks BIG-IP : TMM TLS virtual server vulnerability (K10065173)

A BIG-IP virtual server configured with a Client SSL profile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may result in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the attacker not having gained access to t...

5.9 CVSS | 6.5 AI score | 0.00407 EPSS
Exploits: 0 | References: 2

NVD
added 2019/02/25 11:29 p.m. | 7 views

CVE-2019-6266

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...

9.8 CVSS | 9.4 AI score | 0.00258 EPSS
Exploits: 0 | References: 1

Cvelist
added 2019/02/25 11:00 p.m. | 12 views

CVE-2019-6266

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...

9.4 AI score | 0.00258 EPSS
Exploits: 0 | References: 1

NVD
added 2019/02/25 5:29 p.m. | 19 views

CVE-2019-1683

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The...

7.4 CVSS | 6.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 2

CNVD
added 2019/02/22 12:00 a.m. | 3 views

Cisco SPA112, SPA525, and SPA5X5 Series Certificate Validation Vulnerabilities

Cisco SPA112 Series and so on are the products of Cisco Company in the United States. Cisco SPA112 Series is a SPA112 series IP phone. SPA525 Series is a SPA525 series IP phone. SPA5X5 Series is a SPA5X5 series IP phone. Cisco SPA112 Series is a SPA112 series IP phone. SPA525 Series is a SPA525 series...

7.4 CVSS | 7 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

Cisco
added 2019/02/20 4:00 p.m. | 88 views

Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The...

6.5 CVSS | 1.1 AI score | 0.00167 EPSS
Exploits: 0 | References: 1

NVD
added 2019/02/11 5:29 p.m. | 16 views

CVE-2018-15588

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email...

7.5 CVSS | 7.5 AI score | 0.00479 EPSS
Exploits: 0 | References: 6

Prion
added 2019/02/11 5:29 p.m. | 11 views

Design/Logic Flaw

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email...

5 CVSS | 7.5 AI score | 0.00479 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2019/02/11 5:29 p.m. | 2 views

CVE-2018-15588

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email...

7.5 CVSS | 5.8 AI score | 0.00479 EPSS
Exploits: 0 | References: 6

Cvelist
added 2019/02/11 5:00 p.m. | 21 views

CVE-2018-15588

MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email...

7.6 AI score | 0.00479 EPSS
Exploits: 0 | References: 6

NVD
added 2019/02/08 6:29 p.m. | 25 views

CVE-2019-1672

A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorre...

5.8 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 2

NVD
added 2019/02/08 5:29 p.m. | 13 views

CVE-2018-20764

A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation...

9.8 CVSS | 9.8 AI score | 0.00682 EPSS
Exploits: 0 | References: 1

CVE
added 2019/02/08 5:00 p.m. | 52 views

CVE-2018-20764

The CVE-2018-20764 entry concerns a buffer overflow in HelpSystems tcpcrypt for Linux, used with BoKS encrypted telnet (BoKS 6.7.1). The underlying issue is a buffer overflow in tcpcrypt, which is setuid, enabling privilege escalation if exploited. The available documents identify the affected co...

9.8 CVSS | 9.6 AI score | 0.00682 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

exploitpack
added 2019/02/04 12:00 a.m. | 13 views

SpotAuditor 3.6.7 - Base64 Encrypted Password Denial of Service (PoC)

SpotAuditor 3.6.7 - Base64 Encrypted Password Denial of Service PoC Exploit Title: SpotAuditor v3.6.7 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.nsauditor.com/order.html Software Link : http://www.nsauditor.com/order.html Tested...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2019/01/30 12:00 a.m. | 44 views

openSUSE Security Update : systemd (openSUSE-2019-98)

This update for systemd provides the following fixes : Security issues fixed : - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - CVE-2018-6954: Fix mishandling of...

7.8 CVSS | 6.9 AI score | 0.01222 EPSS
Exploits: 5 | References: 15

Tenable Nessus
added 2019/01/30 12:00 a.m. | 37 views

openSUSE Security Update : systemd (openSUSE-2019-97)

This update for systemd provides the following fixes : Security issues fixed : - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - Fixed an issue during system startup in...

7.8 CVSS | 6.9 AI score | 0.01222 EPSS
Exploits: 4 | References: 10

OpenVAS
added 2019/01/30 12:00 a.m. | 35 views

openSUSE: Security Advisory for systemd (openSUSE-SU-2019:0098-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 7 AI score | 0.01222 EPSS
Exploits: 5 | References: 2