5459 matches found

Veracode
added 2023/04/18 8:33 p.m. | 33 views

Weak Encryption

nextcloud-desktop is vulnerable to Weak Encryption. The vulnerability allows a malicious server administrator to recover and modify contents of end-to-end encrypted files...

CVSS 6.7 | AI score 6.1 | EPSS 0.00679
Exploits: 1 | References: 4 | Affected Software: 2

RedHat Linux
added 2023/04/17 2:3 p.m. | 3 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

CVSS 6.5 | AI score 7.3 | EPSS 0.00372
Exploits: 0 | References: 5

RedHat Linux
added 2023/04/17 2:1 p.m. | 3 views

Thunderbird: Hang when processing certain OpenPGP messages

The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...

CVSS 5.3 | AI score 7.3 | EPSS 0.00901
Exploits: 0 | References: 5

RedHat Linux
added 2023/04/17 1:56 p.m. | 2 views

Thunderbird: Hang when processing certain OpenPGP messages

The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...

CVSS 5.3 | AI score 7.3 | EPSS 0.00901
Exploits: 0 | References: 5

RedHat Linux
added 2023/04/17 1:56 p.m. | 3 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

CVSS 6.5 | AI score 7.3 | EPSS 0.00372
Exploits: 0 | References: 5

The Hacker News
added 2023/04/17 11:36 a.m. | 30 views

Tour of the Underground: Master the Art of Dark Web Intelligence Gathering

The Deep, Dark Web – The Underground – is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harness...

AI score 6.4
Exploits: 0

Tenable Nessus
added 2023/04/17 12:0 a.m. | 24 views

RHEL 9 : thunderbird (RHSA-2023:1809)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1809 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes:...

CVSS 8.8 | AI score 7.5 | EPSS 0.01185
Exploits: 0 | References: 26

CNNVD
added 2023/04/14 12:0 a.m. | 2 views

Mozilla Thunderbird Resource Management Error Vulnerability

Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird due to improper memory...

CVSS 5.3 | AI score 7.3 | EPSS 0.00901
Exploits: 0 | References: 6

CNNVD
added 2023/04/14 12:0 a.m. | 2 views

Mozilla Thunderbird Trust Management Issue Vulnerability

Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A security vulnerability exists in Mozilla Thunderbird, which can be exploited to conduct...

CVSS 6.5 | AI score 6.5 | EPSS 0.00372
Exploits: 0 | References: 6

OSV
added 2023/04/12 5:15 p.m. | 2 views

CVE-2023-0005

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...

CVSS 4.9 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 1

NVD
added 2023/04/12 5:15 p.m. | 16 views

CVE-2023-0005

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...

CVSS 4.9 | AI score 5 | EPSS 0.00263
Exploits: 0 | References: 1

Cvelist
added 2023/04/12 4:41 p.m. | 20 views

CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...

CVSS 4.1 | AI score 5.2 | EPSS 0.00263
Exploits: 0 | References: 1

CVE
added 2023/04/12 4:41 p.m. | 65 views

CVE-2023-0005

Summary: CVE-2023-0005 affects Palo Alto Networks PAN-OS and enables an authenticated administrator to expose plaintext secrets stored in device configuration and encrypted API keys. The vulnerability is discussed across multiple sources in connected documents, including vendor advisories and sec...

CVSS 4.9 | AI score 4.9 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/04/12 4:41 p.m. | 6 views

CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...

CVSS 4.1 | AI score 4.3 | EPSS 0.00263
Exploits: 0 | References: 1

Palo Alto Networks
added 2023/04/12 4:0 p.m. | 36 views

PAN-OS: Exposure of Sensitive Information Vulnerability

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. Work around: This issue requires the attacker to have authenticated access to the PAN-OS management...

CVSS 4.9 | AI score 5.3 | EPSS 0.00263
Exploits: 0 | References: 1

CNNVD
added 2023/04/12 12:0 a.m. | 4 views

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a security vulnerability that stems from the ability of an authenticated administrator to expose secret plaintext values and encrypted API keys stored in the devic...

CVSS 4.9 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 3

Veracode
added 2023/04/11 6:36 p.m. | 33 views

Authorization Bypass

github.com/moby/moby is vulnerable to Authorization Bypass. Encrypted overlay networks accept cleartext VXLAN datagrams tagged with the VNI of the network, which allows remote attackers to arbitrarily inject Ethernet frames into the encrypted overlay network...

CVSS 6.8 | AI score 7 | EPSS 0.0144
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2023/04/06 7:31 p.m. | 31 views

Information Disclosure

docker is vulnerable to Information Disclosure. Encrypted overlay networks on affected platforms silently transmit unencrypted data, without any confidentiality or data integrity guarantees. This can lead to unexpected secrets or user data disclosure, as many database protocols, internal APIs, et...

CVSS 6.8 | AI score 6.7 | EPSS 0.00696
Exploits: 1 | References: 13 | Affected Software: 3

Veracode
added 2023/04/06 7:31 p.m. | 36 views

Authorization Bypass

docker is vulnerable to Authorization Bypasses. Encrypted overlay networks can be used to inject arbitrary Ethernet frames into the network by encapsulating them in VXLAN datagrams...

CVSS 6.8 | AI score 6.9 | EPSS 0.0144
Exploits: 0 | References: 10 | Affected Software: 2

RedhatCVE
added 2023/04/05 12:43 p.m. | 37 views

CVE-2023-28840

A vulnerability was found in Moby due to an unprotected alternate channel within encrypted overlay networks. This issue could allow a malicious user to cause a denial of service by sending a specially crafted request to inject arbitrary Ethernet frames into the encrypted overlay network...

CVSS 8.7 | AI score 7.2 | EPSS 0.02733
Exploits: 1 | References: 4