Nextcloud Server Encryption Vulnerability

Nextcloud is a set of client-server software for creating network hard disks.Nextcloud Server is the server. An encryption vulnerability exists in Nextcloud Server 19.0.1. An attacker could use this vulnerability to degrade the encryption scheme and compromise the integrity of encrypted files...

CVE-2020-8133

Nextcloud Server 19.0.1 vulnerability (CVE-2020-8133) arises from incorrect passphrase generation for the encrypted block, enabling an attacker to silently overwrite blocks within a file. Public sources (Nextcloud advisory NC-SA-2020-038) describe MAC-based encryption weaknesses that can be explo...

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

MGASA-2020-0404 Updated mariadb packages fix security vulnerabilities

The latest release of mariadb fixes some undisclosed easily exploitable vulnerabilities. CVE-2020-14765, CVE-2020-14776, CVE-2020-14789 and CVE-2020-14812. Additionally some bugs are fixed: - Temporary tables can overwrite existing files MDEV-23569 - Crash on SELECT on a table with indexed virtua...

CVE-2020-8577

SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session...

WhatsApp Is Adding Disappearing Messages—With Some Limits

The popular encrypted messaging app now lets you automatically make chats vanish after a week, but look out for a few caveats...

Unspecified Vulnerability in Apple macOS Catalina (CNVD-2020-61028)

Apple macOS Catalina is a specialized operating system developed by Apple Inc. for Mac computers. Apple macOS Catalina suffers from a security vulnerability that stems from an issue when Siri suggests that a user access encrypted data, which could be inappropriately accessed. No details of the...

Apple macOS Mojave has an unspecified vulnerability (CNVD-2020-65929)

Apple macOS Mojave is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Mojave versions prior to 10.14.4, which can be exploited by an attacker to intercept the contents of mime-encrypted emails...

cryptsetup: Out-of-bounds write when validating segments

A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...

Pulse Secure Pulse Connect Secure Input Validation Error Vulnerability (CNVD-2020-60092)

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. Pulse Connect Secure versions prior to 9.1R9 have an input validation error vulnerability that can be exploited by an attacker to execute an...

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

Arbitrary file deletion

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVE-2020-9774

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

Code injection

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVE-2019-8645

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...

CVE-2019-8645

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...

Code injection

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...