Design/Logic Flaw
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...
CVE-2019-3736
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to...
Design/Logic Flaw
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
UBUNTU-CVE-2019-11739
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
UBUNTU-CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Cisco IOS and IOS XE HTTP Client Resource Management Error Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A resource management error vulnerability exists in the HTTP client functionality in Cisco IOS and IOS XE, which arises from a program that does not take into account TCP port information when matching...
CVE-2019-12665
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...
Design/Logic Flaw
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...
CVE-2019-12665 Cisco IOS and IOS XE Software HTTP Client Information Disclosure Vulnerability
A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...
PT-2019-11809 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the plugin stored API tokens unencrypted in job config.xml files and its...
PT-2019-11810 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the Violation Comments to GitLab Plugin stored API tokens unencrypted in j...
A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches stems from the use of a hard-coded cryptographic key in the configuration file. This allows an intruder to gain unauthorized access to protected information.
A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches stems from the use of a hard-coded cryptographic key in the configuration file. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
CVE-2019-10990
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files...
Hello! My name is Dtrack
Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and...
CVE-2019-11739
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...
The vulnerability of the FortiOS operating system, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability of the FortiOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using specially crafted SSL/TLS or HTTP traffic...
Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78
Immediately after Mozilla announced its plan to soon enable 'DNS over HTTPS' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, 'DNS over HTTPS' perform...