PT-2019-12017
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.3.10 Description: The issue allows an attacker with S/MIME or PGP encrypted emails to craft a multipart email, hiding the encrypted parts using HTML/CSS or ASCII newline characters. When the receiver replie...
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by the following vulnerability - A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The...
Security Bulletin: IBM Event Streams could allow a remote attacker to bypass security restrictions by modifying the UI session cookie
Summary: IBM Event Streams could allow a remote attacker to bypass security restrictions after authenticating with Event Streams. By modifying the UI session cookie, it may be possible for a remote attacker to steal user and session information that was sent during an encrypted session...
UC Browser man-in-the-middle (MITM) vulnerability could impact more than a billion devices - vulnerability warning - the black bar safety net
Researchers found that a vulnerable functional block in UC Browser can be exploited by attackers to perform MiTM attacks. Because UC Browser uses the HTTP protocol to communicate with the server, the transmitted information is not encrypted, so the would be attacker hook request...
CVE-2019-1741
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...
Race condition
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...
Cisco IOS XE ETA Denial of Service Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel. A denial of service vulnerability exists in the Cisco Encrypted Traffic Analysis (ETA) feature of Cisco IOS XE, which arises from a logic error in the program when processing malformed incoming packets, and can be exploited by a...
Apple macOS Mojave DiskArbitration Logic Flaw Vulnerability
Apple macOS Mojave is a dedicated operating system developed by Apple for Mac computers. DiskArbitration is one of the components used to handle disk mounts. A security vulnerability exists in the DiskArbitration component in Apple macOS Mojave versions prior to 10.14.4. An attacker could use this...
PT-2019-11338 · Jenkins · Jenkins Rqm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins PRQA Plugin versions 3.1.0 and earlier Description: A security issue allows attackers with local file system access to the Jenkins home directory to obtain an unencrypted password from the plugin configuration. The plugin stored a...
CVE-2019-1741 Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...
Cisco IOS XE Software Encrypted Traffic Analytics Denial of Service Vulnerability
A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to...
CVE-2019-9862
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext, for instance, the current rolling cod...
Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability
Ruby on Rails versions including 5.2.2.1 and prior are vulnerable to a predictable secret_key_base in development mode, which could be used to recreate a signed message, such as a serialized object, and gain remote code execution. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...
openSUSE Security Update : git-annex (openSUSE-2019-497)
This update for git-annex to version 6.20180626 fixes the following issues : - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-364)
This update for Mozilla Thunderbird to version 52.8 fixes the following issues : Security issues fixed MFSA 2018-13, boo1092548 : - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG...
OPENSUSE-SU-2019:0098-1 Security update for systemd
This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled allocas bsc1120323 - CVE-2018-16866: Fixed an information leak in journald bsc1120323 - CVE-2018-6954: Fix mishandling of symlink...