5463 matches found

IBM Security Bulletins
added 2018/06/17 2:40 p.m., 16 views

Security Bulletin: TADDM - Security improvement: Tomcat default files and non-encrypted administrative interfaces available.

Summary TADDM security improvement deployed starting from TADDM 7.2.1.5 and in TADDM 7.2.2 related to availability of the default Tomcat administration interface. Vulnerability Details CVE-2013-3023 Description TADDM server prompts for credentials to access Tomcat Manager Application and Tomcat...

CVSS 8.1, AI score 0.4, EPSS 0.01927
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/17 4:38 a.m., 25 views

Security Bulletin: Encrypted passwords field available in result set of User record type (CVE-2012-2165)

Summary The encrypted password field for a user is available to IBM Rational ClearQuest queries and can be displayed in a result set. This is an information disclosure that may assist an attacker in attempts to construct passwords that match that encrypted value. Vulnerability Details | Subscribe...

CVSS 3.5, AI score 0.3, EPSS 0.00987
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/16 9:22 p.m., 25 views

Security Bulletin: Multiple Vulnerabilities fixed in IBM Security Identity Manager Virtual Appliance (CVE-2014-6106, CVE-2014-6108, CVE-2014-6109, CVE-2014-6111, CVE-2014-6112)

Summary Multiple Vulnerabilities fixed in IBM Security Identity Manager versions 5.1, 6.0, and 7.0 Vulnerability Details CVE-ID: CVE-2014-6106 Description: IBM Security Identity Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuadin...

CVSS 8.8, AI score 0.6, EPSS 0.01874
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 10:41 p.m., 19 views

Security Bulletin: IBM Capacity Management Analytics could allow a local user on the CMA install machine to obtain other CMA user's encrypted usernames and passwords (CVE-2015-7434)

Summary The encrypted password in setenv.sh is always the same which becomes easy to decrypt Vulnerability Details CVEID: CVE-2015-7434 DESCRIPTION: IBM Capacity Management Analytics could allow a local user on the CMA install machine to obtain other CMA user's encrypted usernames and passwords...

CVSS 7.8, AI score 7.2, EPSS 0.00351
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 32 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Integration Designer and WebSphere Integration Developer (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Integration Designer and WebSphere Integration Developer. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : IBM Integration Design...

CVSS 4.3, AI score 6.4, EPSS 0.99999
Exploits: 7, Affected Software: 2

Tenable Nessus
added 2018/06/12 12:0 a.m., 34 views

Amazon Linux 2 : thunderbird (ALAS-2018-1032)

The following CVEs are fixed in the updated thunderbird package : CVE-2018-5161 : Hang via malformed headers CVE-2018-5162 : Encrypted mail leaks plaintext through src attribute CVE-2018-5183 : Backport critical security fixes in Skia CVE-2018-5155 : Use-after-free with SVG animations and text...

CVSS 9.8, AI score 7.4, EPSS 0.21288
Exploits: 4, References: 13

NVD
added 2018/06/11 9:29 p.m., 17 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5, AI score 8.1, EPSS 0.01798
Exploits: 0, References: 10

OSV
added 2018/06/11 9:29 p.m., 0 views

DEBIAN-CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5, AI score 8.2, EPSS 0.01798
Exploits: 0, References: 1

NVD
added 2018/06/11 9:29 p.m., 18 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin GMP sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

CVSS 8.6, AI score 8.9, EPSS 0.02067
Exploits: 0, References: 9

Prion
added 2018/06/11 9:29 p.m., 20 views

Design/Logic Flaw

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 5, AI score 7.9, EPSS 0.01798
Exploits: 0, References: 10, Affected Software: 11

Debian CVE
added 2018/06/11 9:0 p.m., 27 views

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

CVSS 6.5, AI score 8.3, EPSS 0.01651
Exploits: 0

Debian CVE
added 2018/06/11 9:0 p.m., 26 views

CVE-2018-5184

Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

CVSS 7.5, AI score 8.5, EPSS 0.01798
Exploits: 0

NVD
added 2018/06/08 6:29 p.m., 19 views

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

CVSS 7.5, AI score 6.2, EPSS 0.01893
Exploits: 1, References: 5

Prion
added 2018/06/08 6:29 p.m., 14 views

Code injection

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

CVSS 5, AI score 6.1, EPSS 0.01893
Exploits: 1, References: 5, Affected Software: 2

Cvelist
added 2018/06/08 6:0 p.m., 15 views

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

AI score 5.9, EPSS 0.01893
Exploits: 1, References: 5

CVE
added 2018/06/08 6:0 p.m., 117 views

CVE-2018-4227

CVE-2018-4227 affects Apple Mail in iOS prior to 11.4 and macOS prior to 10.13.5, enabling remote attackers to read the cleartext contents of S/MIME encrypted messages via direct exfiltration. The Apple advisory notes the issue relates to handling of S/MIME and MIME isolation within Mail, with mi...

CVSS 7.5, AI score 6, EPSS 0.01893
Exploits: 1, References: 5, Affected Software: 2

Schneier on Security
added 2018/06/04 11:33 a.m., 41 views

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

AI score 6.7
Exploits: 0

OpenVAS
added 2018/06/04 12:0 a.m., 78 views

Apple Mac OS X Security Updates (HT208849)-01

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 10, AI score 7, EPSS 0.87883
Exploits: 26, References: 1

OSV
added 2018/05/30 7:55 p.m., 9 views

MGASA-2018-0261 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...

CVSS 9.8, AI score 8.1, EPSS 0.21288
Exploits: 4, References: 5

Mageia
added 2018/05/30 7:55 p.m., 42 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150. Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154. Mozilla: Use-after-free with SVG animations and text paths CVE-2018-5155. Mozill...

CVSS 9.8, AI score 2.3, EPSS 0.21288
Exploits: 4, References: 4