Information disclosure
Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially...
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
[SECURITY] Fedora 29 Update: krb5-1.16.1-26.fc29
Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending passwords over the network in unencrypted form...
Cisco IOS XE Software HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)
According to its self-reported version, IOS XE Software is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not...
Cisco IOS HTTP Client Information Disclosure Vulnerability (cisco-sa-20190925-http-client)
According to its self-reported version, IOS is affected by a vulnerability in the HTTP client feature that allows an unauthenticated, remote attacker to read and modify data that should normally be sent via an encrypted channel. This vulnerability is due to TCP port information not being consider...
CVE-2017-18191
OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting...
Juniper Junos CVE-2019-0069 Local Information Disclosure Vulnerability
Juniper Junos is prone to a local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following versions of Juniper Junos are affected: Juniper Junos 15.1X49 versions prior to...
Juniper SBR Carrier CVE-2019-0072 Information Disclosure Vulnerability
Juniper SBR Carrier is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The following product versions are affected: Juniper SBR Carrier versions from 8.4.1 prior to 8.4.1R13...
USN-4150-1 thunderbird vulnerabilities
It was discovered that encrypted S/MIME parts in a multipart message can leak plaintext contents when included in an HTML reply or forward in some circumstances. If a user were tricked into replying to or forwarding a specially crafted message, an attacker could potentially exploit this to obtain...
Xpdf null pointer dereference vulnerability (CNVD-2019-38488)
Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW-compressed files and reading encrypted PDF files. Xpdf suffers from a null pointer dereference vulnerability. An attacker could exploit this vulnerability to cause the application to crash...
OpenSSL Information Disclosure Vulnerability (CNVD-2019-38486)
OpenSSL is an open source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms,...
Amazon Linux 2 : thunderbird (ALAS-2019-1304)
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation cou...
IBM WebSphere Application Server CVE-2019-4441 Information Disclosure Vulnerability
IBM WebSphere Application Server is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty are vulnerable...
A week in security (September 23 – 29)
Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...
CB Threat Analysis Unit: Technical Analysis of “Crosswalk”
The technical analysis is related to the TAU-TIN for the same malware, which can be located in this post. FireEye recently reported on APT41, a Chinese state-sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...
Design/Logic Flaw
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...
CVE-2019-3736
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...
Design/Logic Flaw
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
UBUNTU-CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
UBUNTU-CVE-2019-11739
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...