Race condition

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

CVE-2019-1741

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

PT-2019-11338 · Jenkins · Jenkins Rqm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PRQA Plugin versions 3.1.0 and earlier Description: A security issue allows attackers with local file system access to the Jenkins home directory to obtain an unencrypted password from the plugin configuration. The plugin stored a...

Cisco IOS XE ETA Denial of Service Vulnerability

Cisco IOS XE is a modular operating system based on the Linux kernel. A denial of service vulnerability exists in the Cisco Encrypted Traffic Analysis ETA feature of Cisco IOS XE, which arises from a logic error in the program when processing malformed incoming packets, and can be exploited by a...

Apple macOS Mojave DiskArbitration Logic Flaw Vulnerability

Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers.DiskArbitration is one of the components used to handle disk mounts. A security vulnerability exists in the DiskArbitration component in Apple macOS Mojave versions prior to 10.14.4. An attacker could use this...

CVE-2019-1741 Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

CVE-2019-1741 Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability

A vulnerability in the Cisco Encrypted Traffic Analytics ETA feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...

CVE-2019-9862

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext for instance, the current rolling cod...

CVE-2019-9862

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext for instance, the current rolling cod...

CVE-2019-9862

An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext for instance, the current rolling cod...

Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability

Ruby on Rails versions including 5.2.2.1 and prior are vulnerable to a predicatble secretkeybase in development mode, which could be used to recreated a signed message, such as a serialized object, and gain remote code execution. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

openSUSE Security Update : git-annex (openSUSE-2019-497)

This update for git-annex to version 6.20180626 fixes the following issues : - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-364)

This update for Mozilla Thunderbird to version 52.8 fixes the following issues : Security issues fixed MFSA 2018-13, boo1092548 : - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG...

OPENSUSE-SU-2019:0098-1 Security update for systemd

This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - CVE-2018-6954: Fix mishandling of symlink...

TAU Threat Intelligence Notification – LockerGoga Ransomware

LockerGoga ransomware has recently surfaced with a few successful infections mostly discovered in Europe that have caused very large and notable damage to businesses. This ransomware uses Windows “living off the land” tools LOLBins for the most part in order to infect and encrypt the victim’s...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)

Summary OpenSSL vulnerabilities were disclosed on October 30 2018 and November 2 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: The OpenSSL DSA signature...

Mozilla launches Firefox Send for private file sharing

Mozilla look to reclaim some ground from the all-powerful Chrome with a new way to send and receive files securely from inside the browser. Firefox Send first emerged in 2017, promising an easy way to send documents without fuss. The training wheels have now come off and Send is ready to go...

OpenSSL: Multiple vulnerabilities

Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 as well as a general purpose cryptography library. Description Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced...

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caus...