5459 matches found
CVE-2018-18976
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...
CVE-2018-18976
The CVE-2018-18976 entry concerns the Ascensia Contour NEXT ONE mobile app (iOS/Android) prior to 2019-01-15. The root issue is Direct Object References that enable an attacker to enumerate user IDs to retrieve encrypted medical information from the Ascensia cloud platform. The exposed data is en...
Out-of-bounds Write
Thunderbird, Firefox ESR, and Firefox are vulnerable to an out-of-bounds write. The ClearKeyDecryptor function can be exploited by a remote attacker to cause an out-of-bounds write by decrypting some Clearkey-encrypted media content. This may lead to writing of arbitrary data within memory, resulting in a...
Information Disclosure
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...
CVE-2019-3938
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any...
Design/Logic Flaw
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any...
A vulnerability in the implementation of Cisco Encrypted Traffic Analytics in the Cisco IOS XE operating system allows an attacker to trigger a service failure.
The vulnerability in the Cisco Encrypted Traffic Analytics (ETA) implementation for the Cisco IOS XE operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by using specially crafted IP packets...
Format string
In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format...
PT-2019-12287 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2018.5.3. Description: The issue concerns the storage of credentials in Build Cache Nodes. In Gradle Enterprise, these nodes did not store credentials at rest in an encrypted format. Recommendations: For...
Unbreakable Enterprise kernel security update
4.1.12-124.26.10 - x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29534769]; 4.1.12-124.26.9 - KEYS: encrypted: fix buffer overread in valid_master_desc() (Eric Biggers) [Orabug: 29591025] {CVE-2017-13305}; 4.1.12-124.26.8 - scsi: target: remove hardcoded T10 Vendor ID in INQUIRY response...
Hacker Breaks Into French Government's New Secure Messaging App
A white-hat hacker found a way to get into the French government's newly launched, secure encrypted messaging app that otherwise can only be accessed by officials and politicians with email accounts associated with government identities. Dubbed "Tchap," the end-to-end encrypted, open source...
DEBIAN-CVE-2019-3883
In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket is waited on by the worker for at most 'ioblocktimeout' seconds. However, this timeout applies only to unencrypted requests. Connections using SSL/TLS do not take this timeout into account during...
Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix's website, and...
Updated mumble packages fix security vulnerability
It was discovered that insufficient restrictions in the connection handling of Mumble, a low-latency encrypted VoIP client, could result in denial of service (CVE-2018-20743)...
CVE-2019-5615
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...
Design/Logic Flaw
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...
CVE-2019-5615
CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...
CVE-2019-10735
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...