5458 matches found

Fedora
added 2019/01/16 2:21 a.m. · 49 views

[SECURITY] Fedora 29 Update: openssh-7.9p1-3.fc29

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

5.3 CVSS · 2 AI score · 0.03681 EPSS
Exploits 0
CNVD
added 2019/01/16 12:0 a.m. · 2 views

Portier SQL Injection Vulnerability

Portier is an access rights management application. A SQL injection vulnerability exists in Portier versions 4.4.4.2 and 4.4.4.6, which stems from the program failing to validate user input and can be exploited by remote attackers to execute SQL commands and steal encrypted passwords from super...

9.8 CVSS · 8.5 AI score · 0.03903 EPSS
Exploits 5 · References 1
Veracode
added 2019/01/15 9:24 a.m. · 24 views

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service. Swapping encrypted volumes can allow an attacker to corrupt the LUKS header on the compute host, causing a denial of service condition...

7.5 CVSS · 7.1 AI score · 0.03893 EPSS
Exploits 1 · References 26 · Affected Software 1
Veracode
added 2019/01/15 9:24 a.m. · 28 views

Information Disclosure

kernel-rt is vulnerable to information disclosure attacks. The vulnerability exists through an information disclosure vulnerability in the Upstream kernel encrypted-key...

7.1 CVSS · 6.5 AI score · 0.00318 EPSS
Exploits 0 · References 10 · Affected Software 2
Veracode
added 2019/01/15 9:20 a.m. · 33 views

Denial Of Service (DoS)

kernel-rt is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to...

7.8 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits 0 · References 27 · Affected Software 1
Veracode
added 2019/01/15 9:8 a.m. · 23 views

Privilege Escalation

cfme is vulnerable to privilege escalation. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated,...

5.1 CVSS · 5.5 AI score · 0.00341 EPSS
Exploits 0 · References 536 · Affected Software 4
Positive Technologies
added 2019/01/15 12:0 a.m. · 7 views

PT-2019-2581 · Python +6

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.11 through 3.6.6 Description: The issue is related to a denial-of-service vulnerability in the X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of...

10 CVSS · 6.4 AI score · 0.95707 EPSS
Exploits 121 · References 973
Hacker One
added 2019/01/13 6:5 p.m. · 46 views

Nextcloud: Stored XSS/HTML injection in autocomplete suggestions for sharing

encrypted report, see attached GnuPG file. I tried to send this by mail, but [email protected] told me that I'm forced sic! to signup here. Please use 7F40 5A4F FAA3 F51B FEFD EE2F CE82 B2C8 6DCE BB9F to contact me. Impact encrypted report, see attached GnuPG file...

0.8 AI score
Exploits 0
Cvelist
added 2019/01/09 10:0 p.m. · 16 views

CVE-2018-16187

The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached D5520, D6500, D6510, D7500, D8400, and the display versions with RICOH Interactive Whiteboard Controller Type2...

7.5 AI score · 0.00504 EPSS
Exploits 0 · References 2
Veracode
added 2018/12/28 12:5 a.m. · 11 views

Information Disclosure

rails-session-decoder is vulnerable to information disclosure. A lack of verification of the Message Authentication Code that is appended to the cookies could allow an attacker to decrypt encrypted data containing confidential information...

6.3 AI score
Exploits 0
Broadcom
added 2018/12/21 12:0 a.m. · 9 views

BSA-2018-746

Security Advisory ID : BSA-2018-746 Component : Servlet Revision : 1.0: Initial A Vulnerability in Brocade Network Advisor Version before 14.0.3 could allow a remote unauthenticated attacker to export the current user database which includes the encrypted not hashed password of the systems. The...

7.5 CVSS · 7.2 AI score · 0.01671 EPSS
Exploits 0
Cvelist
added 2018/12/20 5:0 p.m. · 19 views

CVE-2018-19233

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...

7.9 AI score · 0.00592 EPSS
Exploits 1 · References 4
PyPA
added 2018/12/20 3:29 p.m. · 6 views

PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appears to be exploitable via Recreation of a cookie post-expiry with the same value...

6.5 CVSS · 6.8 AI score · 0.00965 EPSS
Exploits 1 · References 3 · Affected Software 1
OpenVAS
added 2018/12/20 12:0 a.m. · 893 views

Telnet Unencrypted Cleartext Login

The remote host is running a Telnet service that allows cleartext logins over unencrypted connections. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.4 AI score
Exploits 0
Broadcom
added 2018/12/19 12:0 a.m. · 10 views

BSA-2018-743

Security Advisory ID : BSA-2018-743 Component : Hard-coded Credentials Revision : 3.1: Final A vulnerability in Brocade Network Advisor could allow an unauthenticated, remote attacker to log into the JMX Console of an affected system using undocumented User credentials. The vulnerability is du...

8.1 CVSS · 7.2 AI score · 0.07395 EPSS
Exploits 4
BDU FSTEC
added 2018/12/18 12:0 a.m. · 4 views

The vulnerability of the package containing cryptographic algorithms and protocols for Python, Python-crypto, is related to the generation of weak key parameters. This allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the package that contains cryptographic algorithms and protocols for Python, Python-crypto, is related to the generation of weak key parameters. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information by reading the encrypted data...

7.5 CVSS · 7.2 AI score · 0.0211 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2018/12/14 3:29 p.m. · 9 views

Hardcoded credentials

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...

7.5 CVSS · 9 AI score · 0.21492 EPSS
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2018/12/14 3:0 p.m. · 19 views

CVE-2018-18006

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files...

9.2 AI score · 0.21492 EPSS
Exploits 3 · References 2
Carbon Black Blog
added 2018/12/11 5:40 p.m. · 63 views

Partner Perspectives: Insight on Turla PNG Dropper

Editor's Note: This blog originally appeared on NCC Group's website. This is a short blog post on the PNG Dropper malware that has been developed and used by the Turla Group 1. The PNG Dropper was first discovered back in August 2017 by Carbon Black researchers. Back in 2017 it was being used to...

Exploits 0
CNVD
added 2018/12/10 12:0 a.m. · 1 views

Code Execution Vulnerability in Encrypted Video by Screen Recording Expert

Screen Recording Expert is a professional tool for making screen recordings. A code execution vulnerability exists when Screen Recording Expert encrypts videos. An attacker can exploit the vulnerability to execute code...

7.8 AI score
Exploits 0