DEBIAN-CVE-2020-12801
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
UBUNTU-CVE-2020-12801
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
CVE-2020-12801
CVE-2020-12801 affects LibreOffice 6.3.x prior to 6.3.6 and 6.4.x prior to 6.4.3. If an encrypted document crashes and is recovered, subsequent saves may default to unencrypted even when the document was encrypted, if the recovered file format is not the default ODF format. Public details in conn...
CVE-2020-12801 Crash-recovered MSOffice encrypted documents defaulted to not using encryption on next save
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...
UBUNTU-CVE-2020-11932
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered...
Sphinx Malware Returns to Riddle U.S. Targets, with Modifications
The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
This blog post was authored by Hossein Jazi, Thomas Reed and Jérôme Segura. We recently identified what we believe is a new variant of the Dacls Remote Access Trojan (RAT) associated with North Korea's Lazarus group, designed specifically for the Mac operating system. Dacls is a RAT that was...
CVE-2020-4092
"If port encryption is not enabled on the Domino Server, HCL Nomad on Android and iOS Platforms will communicate in clear text and does not currently have a user interface option to change the setting to request an encrypted communication channel with the Domino server. This can potentially expos...
PT-2020-13062 · Riverbed · Orchestrator
Name of the Vulnerable Software and Affected Versions: Orchestrator affected versions not specified Description: The issue arises from the lack of validation of the certificate used to identify Orchestrator to EdgeConnect devices. This oversight allows an attacker to establish a TLS connection fr...
The vulnerability of Microprogrammed Software in Modicon Controllers arises from the existence of rigidly encrypted user data, which allows an intruder to execute any command against the Modicon Controllers.
The vulnerability of Microprogrammed Software in Modicon Controllers stems from the existence of rigidly encoded configuration data used to transmit configuration files to Modicon Controllers. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on Modicon...
Threat actors release Troldesh decryption keys
Update: Kaspersky has updated their ShadeDecryptor tool to include decryption for the keys released by "shade team". You can download the tool and find instructions here. A GitHub user claiming to represent the authors of the Troldesh Ransomware calling themselves the “Shade team” published this...
kernel: some ipv6 protocols not encrypted over ipsec tunnel
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2020-27793)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
The vulnerability of the programmable user-programmable gate array (PPVM) for Xilinx Spartan, Artix, Kintex, and Virtex programmable integrated circuits lies in the possibility of intercepting/mocking the file containing the encrypted control bitstream, allowing a hacker to gain full control over the programmable integrated circuits.
The vulnerability of the programmable user-programmable gate array PPVM for Xilinx Spartan, Artix, Kintex, and Virtex programmable logic integrated circuits lies in the ability to intercept or replace the file containing the encrypted control bitstream. Exploiting this vulnerability can allow an...
RHEL 7 / 8 : Ansible security update (2.9.7) (Important) (RHSA-2020:1542)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1542 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over S...
HCL Technologies AppScan Enterprise Trust Management Issue Vulnerability
HCL Technologies AppScan is a suite of dynamic analysis testing tools from HCL Technologies, India, which is primarily used for web security testing. A security vulnerability exists in HCL Technologies AppScan Enterprise 9.0.3.14 and earlier versions, which stems from the product's use of...
CVE-2019-4327
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...
Hardcoded credentials
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...