5460 matches found
MGASA-2021-0067 Updated messagelib packages fix a security vulnerability
In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...
CVE-2021-25755
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic...
Code injection
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic...
JetBrains Security Bulletin Q4 2020
Author: Robert Demmer. In the fourth quarter of 2020, we resolved a number of security issues in our products. Here’s a summary report that contains a description of each issue and the version in which it was resolved. Product | Description |...
JetBrains Code With Me Security Vulnerability
JetBrains Code With Me is a plug-in application from the Czech company JetBrains that provides code co-editing for the IntelliJ IDE. JetBrains Code With Me suffers from a cryptographic issue vulnerability that can be exploited by an attacker on the local network to access encrypted traffic knowin...
OPENSUSE-SU-2021:0227-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885). This update was imported from the openSUSE:Leap:15.1:Update update project...
Apache Cassandra Security Vulnerability
Apache Cassandra is a distributed NoSQL database from the Apache Foundation. Cassandra is a hybrid non-relational database, similar to Google's BigTable. Its main features are richer than those of Dynamo, a distributed key-value storage system, but its support is not as good as that of a document store. MongoDB...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0227-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
OPENSUSE-SU-2021:0188-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885)...
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
This Encrypted Gun Registry Might Bridge a Partisan Divide
Researchers from Brown University have developed a system that could keep track of firearms while preserving privacy...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0188-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
Mozilla: IMAP Response Injection when using STARTTLS
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...
ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...
Mozilla Thunderbird Command Injection Vulnerability
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to...
cryptsetup: Out-of-bounds write when validating segments
A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...