5472 matches found
OPENSUSE-SU-2021:0227-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying boo1131885. This update was imported from the openSUSE:Leap:15.1:Update update project...
Apache Cassandra 安全漏洞
Apache Cassandra is a distributed Nosql database from the Apache Foundation.Cassandra is a hybrid non-relational database, similar to Google's BigTable.Its main features are richer than Dynamo a distributed Key-Value storage system, but the support is not as good as a document store. MongoDB...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0227-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
OPENSUSE-SU-2021:0188-1 Security update for messagelib
This update for messagelib fixes the following issues: - CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying boo1131885...
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
This Encrypted Gun Registry Might Bridge a Partisan Divide
Researchers from Brown University have developed a system that could keep track of firearms while preserving privacy...
Security update for messagelib (moderate)
openSUSE Security Update: Security update for messagelib Announcement ID: openSUSE-SU-2021:0188-1 Rating: moderate References: 1131885 Cross-References: CVE-2019-10732 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
Mozilla: IMAP Response Injection when using STARTTLS
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...
ZINC attacks against security researchers
In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...
Mozilla: IMAP Response Injection when using STARTTLS
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...
Mozilla Thunderbird Command Injection Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The software supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to...
cryptsetup: Out-of-bounds write when validating segments
A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Vulnerability
Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120...
NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency NSA on Friday said DNS over HTTPS DoH — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transpo...
CVE-2021-0206
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine PFE to crash and restart, resulting in a Denial of Service DoS. By continuously sending these specific packets, an attacker can repeatedly disabl...
How a VPN can protect your online privacy
Have you ever experienced the feeling of relief that comes when you do something silly, but youre glad you did it where people dont know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...
NSA Releases Guidance on Encrypted DNS in Enterprise Environments
The National Security Agency NSA has released an information sheet with guidance on adopting encrypted Domain Name System DNS over Hypertext Transfer Protocol over Transport Layer Security HTTPS, referred to as DNS over HTTPS DoH. When configured appropriately, strong enterprise DNS controls can...
Design/Logic Flaw
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of...
PortableKanban 4.3.6578.38136 Encrypted Password Disclosure
Exploit Title: PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval Date: 9 Jan 2021 Exploit Author: rootabeta Vendor Homepage: The original page, https://dmitryivanov.net/, cannot be found at this time of writing. The vulnerable software can be downloaded from...
PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval
Exploit Title: PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval Date: 9 Jan 2021 Exploit Author: rootabeta Vendor Homepage: The original page, https://dmitryivanov.net/, cannot be found at this time of writing. The vulnerable software can be downloaded from...