
5460 matches found

RedHat Linux
added 2022/10/25 2:53 p.m. · 3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/25 2:40 p.m. · 2 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/25 2:37 p.m. · 3 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/25 2:3 p.m. · 5 views

Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 7.3 AI score · 0.00938 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/10/25 12:0 a.m. · 3 views

pulp_ansible security vulnerability

pulp_ansible is an open source Pulp plugin that supports hosting Ansible Role and Collection content. A security vulnerability exists in pulp_ansible that stems from storing tokens in plaintext instead of using Pulp's encrypted fields...

5.5 CVSS · 5.4 AI score · 0.00276 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-24917 · Tasks.Org · Tasks.Org

Name of the Vulnerable Software and Affected Versions: Tasks.org versions prior to 12.7.1; Tasks.org versions prior to 13.0.1. Description: The Tasks.org Android app has a sensitive information disclosure issue. The app's ShareLinkActivity.kt activity handles "share" intents and may copy files from...

5.5 CVSS · 5.2 AI score · 0.0025 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2022/10/21 5:17 p.m. · 46 views

CVE-2022-3644

A flaw exists in the collection remote for pulp_ansible, where tokens are stored in plaintext instead of using Pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in the loss of confidentiality...

4.1 CVSS · 4.9 AI score · 0.00276 EPSS
Exploits: 1 · References: 3
OpenVAS
added 2022/10/21 12:0 a.m. · 21 views

Ubuntu: Security Advisory (USN-5694-1)

The remote host is missing an update for the...

8.8 CVSS · 7 AI score · 0.04354 EPSS
Exploits: 0 · References: 2
Ubuntu
added 2022/10/20 12:52 p.m. · 77 views

USN-5694-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...

8.8 CVSS · 7.5 AI score · 0.04354 EPSS
Exploits: 0
BDU FSTEC
added 2022/10/20 12:0 a.m. · 6 views

A vulnerability in the web interface of the Moxa MXView network control software allows an attacker to gain full access to the device.

The vulnerability in the web interface of the Moxa MXView network control software is related to the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to gain full access to the device by sending a specially crafted HTTP request...

10 CVSS · 8 AI score · 0.02349 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
BDU FSTEC
added 2022/10/20 12:0 a.m. · 6 views

A vulnerability in the firmware of Moxa's EDR-G903, EDR-G902, and EDR-810 series industrial routers stems from the use of hard-coded account credentials, allowing attackers to gain full access to the devices.

The vulnerability in the firmware of Moxa's EDR-G903, EDR-G902, and EDR-810 series routers lies in the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to gain full access to the device using these specially created login...

10 CVSS · 5.5 AI score
Exploits: 0 · References: 1 · Affected Software: 3
Tenable Nessus
added 2022/10/20 12:0 a.m. · 27 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory. It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a...

8.8 CVSS · 7.5 AI score · 0.04354 EPSS
Exploits: 0 · References: 7
OSV
added 2022/10/19 10:15 p.m. · 3 views

CVE-2022-41983

On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and all versions of 13.1.x, while Intel QAT (QuickAssist Technology) and the AES-GCM/CCM cipher are in use, undisclosed conditions can cause BIG-IP to send data unencrypted even...

3.7 CVSS · 5.8 AI score · 0.00249 EPSS
Exploits: 0 · References: 1
OSV
added 2022/10/18 3:15 p.m. · 4 views

CVE-2022-41541

TP-Link AX10v1 V1211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to log in to the web application as an admin user...

8.1 CVSS · 5.9 AI score · 0.01118 EPSS
Exploits: 1 · References: 2
OSV
added 2022/10/18 12:0 a.m. · 23 views

CVE-2022-31122 Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation

Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...

9.8 CVSS · 7.6 AI score · 0.00599 EPSS
Exploits: 0 · References: 3
CVE
added 2022/10/18 12:0 a.m. · 54 views

CVE-2022-31122

Wire-server vulnerability CVE-2022-31122 is a Token Recipient Confusion issue affecting versions prior to 2022-07-12/Chart 4.19.0. If an attacker obtains SAML IdP metadata details and configures their own SAML on the same backend, they can delete all SAML-authenticated accounts of a targeted team...

9.8 CVSS · 8.2 AI score · 0.00599 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2022/10/18 12:0 a.m. · 55 views

openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10148-1 advisory. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a...

9.8 CVSS · 7.8 AI score · 0.84456 EPSS
Exploits: 3 · References: 11
RedhatCVE
added 2022/10/17 2:18 p.m. · 26 views

CVE-2022-39249

A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that...

7.5 CVSS · 3.8 AI score · 0.00938 EPSS
Exploits: 0 · References: 4
CNNVD
added 2022/10/14 12:0 a.m. · 4 views

GoCD security vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 21.1.0 that stems from the fact that GoCD discloses the symmetric key used to encrypt/decrypt any security variables/secrets in the GoCD configuration to an authenticated agent, a malicious/compromised...

6.5 CVSS · 6.5 AI score · 0.0077 EPSS
Exploits: 0 · References: 5
BDU FSTEC
added 2022/10/12 12:0 a.m. · 3 views

A vulnerability in the Dell Enterprise SONiC operating system, which stems from the use of a hard-coded cryptographic key, allows attackers to disclose protected information.

The vulnerability in the Dell Enterprise SONiC operating system lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow a remote attacker to disclose protected information...

7.8 CVSS · 7.1 AI score · 0.0074 EPSS
Exploits: 0 · References: 2 · Affected Software: 1