[SECURITY] [DLA 1425-1] thunderbird security update

Package : thunderbird Version : 1:52.9.1-1deb8u1 CVE ID : CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374 Multiple security issues have been found in Thunderbird, which may lead to...

[SECURITY] [DSA 4244-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4244-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq -...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3714-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3714-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a...

USN-3714-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass CORS restrictions, obtain sensitive information, or execute arbitrary...

SSE-C Cryptographic Flaw

github.com/minio/minio is vulnerable to cryptographic flaws. The vulnerability exists as there is a weakness in the derived key-encryption-key for SSE-C encrypted objects. The vulnerability allows malicious users to replace objects that are encrypted with the same client key as it was not bound t...

Debian: Security Advisory (DSA-4244-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: SSL timing vulnerabilities in ClearCase Remote Client (CVE-2014-0411)

Summary An attacker can monitor a long-lived encrypted CCRC session and potentially decrypt the entire session. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information requires login with your IBM ID...

Looking For Secure VPN Services? Get a Lifetime Subscription

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and...

Looking For Secure VPN Services? Get a Lifetime Subscription

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and...

Security update for git-annex (moderate)

This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...

Security update for git-annex (moderate)

This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...

openSUSE Security Update : git-annex (openSUSE-2018-697)

This update for git-annex to version 6.20180626 fixes the following issues : - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...

To crypt, or to mine – that is the question

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed: the way their Troja...

EncryptedToken Integer Overflow Vulnerability

EncryptedToken ECC is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function of the smart contract implementation in ECC. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

Beware! Fortnite Cheat Hijacks Gamers' PCs to Intercept HTTPS Traffic

If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats—then beware—you might end up installing malware on your PC! Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece o...

Traffic Analysis of the LTE Mobile Standard

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. EDITED TO ADD 7/3: More information. I...

Ivanti Avalanche Information Disclosure Vulnerability

Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 and 6.2. The vulnerability can be exploited by a...

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

Authentication flaw

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...