68 matches found
MGASA-2021-0189 Updated thunderbird packages fix security vulnerabilities
An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key CVE-2021-23991. A crafted OpenPGP key with an invalid user ID could be used to confuse the user CVE-2021-23992. Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key CVE-2021-23993...
OwnCloud Encryption Issues Vulnerabilities
OwnCloud OwnCloud is a personal cloud storage solution from OwnCloud Owncloud, an American company. An encryption issue vulnerability exists in OwnCloud. The vulnerability stems from a lock protection mechanism that can be bypassed by moving the system date/time to the past. No details of the...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-2311)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2020:2648-1 Security update for SUSE Manager 3.2
This update for SUSE Manager 3.2 fixes the following issues: salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form bsc1175884, CVE-2020-8028 spacewalk-java: - Use the Salt API in authenticated and...
SUSE-SU-2019:3347-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr MFSA 2019-37 bsc1158328 Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 - CVE-2019-13722: Fixed a stack corruption due to incorrect number of argument...
SUSE-SU-2019:3337-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr MFSA 2019-37 bsc1158328 Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction bmo1546331 - CVE-2019-13722: Fixed a stack corruption due to incorrect number of argument...
Pulse Secure Pulse Connect Secure and Pulse Policy Secure Encryption Issue Vulnerabilities
Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse and Pulse Policy Secure are both products of Pulse Secure, Inc.Pulse Connect Secure is an SSL VPN solution. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a network access control solution. An...
Moxa AWK-3121 Encryption Issues Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An encryption issue vulnerability exists in Moxa AWK-3121 version 1.14. The vulnerability stems from the network system or product not properly using the relevant cryptographic algorithms, resulting in content not...
SUSE-SU-2018:4235-1 Security update for MozillaFirefox, mozilla-nspr and mozilla-nss
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in MozillaFirefox: - Update to Firefox ESR 60.4 bsc1119105 - CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 - CVE-2018-18492: Fixed a...
Bluefin (Ingenico) IPP320 failing to communicate with Sage Exchange Desktop via ICA Channel Serial COM Port
Serial COM port redirected device Bluefin Ingenico IPP320 with encryption, fails to complete the communication with the Sage Payment Solutions...
Forever 21 Says PoS Systems Exposed Customer Data for 8 Months
Fashion retailer Forever 21 confirmed a breach made public in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption used on some of its point-of-sales payment terminals could have resulted in unauthoriz...
CVE-2016-3614
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption...
Process Shows "Starting Application", Freezes When Launching Applications from Receiver for iOS or From Browser on iOS Devices
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. When trying to launch an application from and iOS device using the browser or the Citrix Receiver, t...
HackerOne: HackerOne Important Emails Notification are sent in clear-text
Our e-mail provider at the time had problems where some e-mails would not be sent out over TLS. Based on data from Google Postmaster Tools, we were seeing as high as 12% of our e-mail from our provider to Google mail servers not encrypted. We opened a case with them on March 31st, 2016, about thi...
$30 Child Toy is enough to hack FBI Radios
$30 Child Toy is enough to hack FBI Radios The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being release...
ServerAlive weak encryption
Passwords are stored in text file in base64 format...
[NEWS] Multiple Payload Handling Flaws in ISAKMPd
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MSIE->NAFjpuInHistory
NAFjpuInHistory tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. it also works after applying the patch for "Using the backbutton in IE is dangerous" OS Ver: "Windows XP Cn ver" demo...
Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
Hello, Over a year ago, I published a paper that attempted to analyze the randomness of PRNGs used in TCP/IP stacks on several operating systems. The approach I've chosen resulted in detecting some non-trivial dependencies in several generators, and some amusing 3D pictures. The original RAZOR...
CVE-2001-0967
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt function, which makes it easier for an attacker to conduct brute force password guessing...