[SECURITY] Fedora 28 Update: python-paramiko-2.4.1-1.fc28

Paramiko a combination of the Esperanto words for "paranoid" and "friend" is a module for python 2.3 or greater that implements the SSH2 protocol for se cure encrypted and authenticated connections to remote machines. Unlike SSL a ka TLS, the SSH2 protocol does not require hierarchical certificat...

Mac OS X APFS Encrypted Volume Password Disclosure

This module exploits a flaw in OSX 10.13 through 10.13.3 that discloses the passwords of encrypted APFS volumes. In OSX a normal user can use the 'log' command to view the system logs. In OSX 10.13 to 10.13.2 when a user creates an encrypted APFS volume the password is visible in plaintext within...

IBM Capacity Management Analytics Information Disclosure Vulnerability (CNVD-2018-06652)

IBM Capacity Management Analytics is a suite of capacity management analytics solutions from IBM USA for managing and predicting the usage of IBM zEnterprise infrastructure mainframe computer resources. A security vulnerability exists in IBM Capacity Management Analytics. A local attacker could...

CVE-2015-7434

IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863...

Code injection

IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107863...

Critical: Red Hat Security Advisory: python-paramiko security and bug fix update

An update for python-paramiko is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Thycotic Secret Server Remote Desktop Launcher Remote Desktop Launch Vulnerability

Thycotic Secret Server is a suite of password protection software from Thycotic, Inc. Remote Desktop Launcher is one of the remote desktop launchers. A security vulnerability exists in Remote Desktop Launcher in versions of Thycotic Secret Server prior to 8.6.000010, which stems from the program...

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501...

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501 or hotfix patch "1012018" CVE number: CVE-2018-7701,...

Default credentials

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...

CVE-2014-4861

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...

CVE-2014-4861

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended...

CVE-2014-4861

CVE-2014-4861 affects Thycotic Secret Server’s Remote Desktop Launcher, where a temporary file containing an encrypted password is not properly cleaned up after a session ends. This could expose credentials if the file persists. Affected: Secret Server prior to 8.6.000010. Root cause: inadequate ...

Fedora 26 : python-crypto (2018-0c75cc72bc)

The textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes ...

After Cellebrite, Grayshift Claims to Crack Encrypted iPhone X & 8

By Waqas Last week we reported about an Israeli firm Cellebrite, which This is a post from HackRead.com Read the original post: After Cellebrite, Grayshift Claims to Crack Encrypted iPhone X & 8...

VPN 101 – Part 1: What You Need to Know to Stay Safe and Protect Your Privacy Online

Submitted by Brook Stein The Internet is a wonderful thing. But we all know there are also risks lurking around every corner. We want to protect ourselves from malware and identity theft, prevent third-party trackers and advertisers slurping our private information, and keep our kids safe when...

Stack overflow

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur...

CVE-2017-15860

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur...

CVE-2017-5249

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner...

CVE-2017-18191

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...