5472 matches found
cryptsetup: Out-of-bounds write when validating segments
A flaw was found in the way cryptsetup parses encrypted images with invalid segments. This flaw allows a local attacker to crash an application compiled with cryptsetup, or in some cases, cause arbitrary code execution when parsing specially crafted encrypted images. The highest threat from this...
Pulse Secure Pulse Connect Secure Input Validation Error Vulnerability (CNVD-2020-60092)
Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. Pulse Connect Secure versions prior to 9.1R9 have an input validation error vulnerability that can be exploited by an attacker to execute an...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
Arbitrary file deletion
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
CVE-2020-9774
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...
CVE-2020-9774
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...
Code injection
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...
CVE-2019-8645
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...
CVE-2019-8645
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...
Code injection
An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to...
CVE-2020-9774
CVE-2020-9774 describes an issue where Siri Suggestions could improperly access encrypted data. The Apple advisories indicate the vulnerability was mitigated by limiting access to encrypted data and fixes were released in macOS Catalina 10.15.3, Mojave Security Update 2020-001, and High Sierra Se...
CVE-2020-9774
An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...
CVE-2019-8645
CVE-2019-8645 relates to macOS Mail handling of S/MIME-encrypted messages. The issue stems from insufficient isolation of MIME in Mail, enabling an attacker in a privileged network position to intercept S/MIME email contents. Apple fixes identify macOS Mojave 10.14.4 and Security Update 2019-002 ...
Researchers: Instagram, LinkedIn Vulnerable to Preview-Link RCE Security Woes
UPDATE Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. At risk are Facebook Messenger, LINE, Slack, Twitter Direct Messages, Zoom and many others. In the case of Instagram and LinkedIn, it’s even possible to execute remo...
Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the...
CVE-2020-3562
A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense FTD Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper input validatio...
NICER Protocol Deep Dive: Internet Exposure of IMAP and POP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
CVE-2020-1688
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...