openSUSE Security Update : perl (openSUSE-2020-850)

This update for perl fixes the following issues : - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data bsc1171863. - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the...

USN-4401-1 mutt vulnerabilities

It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to enable MITM attacks. CVE-2020-14093 It was discovered that Mutt incorrectly handled certain requests. An attacker could possibly use this issue to proceeds with a connection even if the...

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2020:1584-1)

This update for gnutls fixes the following issues : CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to...

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

DEBIAN-CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

UBUNTU-CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

CVE-2020-14154

CVE-2020-14154 affects mutt prior to 1.14.3. In this version, the client proceeds with a connection after a GnuTLS certificate prompt where the user refuses an expired intermediate certificate, enabling potential trust bypass in TLS handshakes. The issue has been observed in multiple advisories (...

CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate...

openSUSE Security Update : gnutls (openSUSE-2020-790)

This update for gnutls fixes the following issues : - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker ...

Update fixes issues and adds support to MDM clients in Windows RT 8.1 and Windows 8.1

Update fixes issues and adds support to MDM clients in Windows RT 8.1 and Windows 8.1 Introduction This article describes a Mobile Device Manager MDM client update for Windows RT 8.1 and Windows 8.1. This update contains the following improvements and fixes the following issues. Improvement 1 The...

Remote Code Execution (RCE)

chakracore is vulnerable to remote code execution. The vulnerability exists in lib/Backend/Lower.cpp through an issue with interpreting the intermediate representation IR. This CVE ID is different from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713...

CVE-2020-8510

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en user+perms+lang, one can login as any user without a password. Recent assessments: horshark at March 09, 2020 8:27pm UTC reported: CVE in SourceForge project phpABoo...

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR allows a attacker to cause a service failure.

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR is related to errors in handling SNMP requests. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVE-2019-16027

A vulnerability in the implementation of the Intermediate SystemtoIntermediate System ISIS routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service DoS condition in the ISIS process. The vulnerability is due to improper...

CVE-2019-16027 Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate SystemtoIntermediate System ISIS routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service DoS condition in the ISIS process. The vulnerability is due to improper...

Inspecting TLS Web Traffic - Part 2

In the first blog post I covered why HTTPS web traffic has grown to unprecedented levels, provided a TLS primer and looked at the basic concept of intercepting and inspecting HTTPS web traffic with Man-In-The-Middle techniques MITM. In the second part, I will dive a bit deeper into how the TLS MI...

CVE-2019-9414

In wpasupplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR allows a attacker to cause a service failure.

The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR operating systems is related to errors in the processing of IS-IS protocol data packets. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVE-2019-1910 Cisco IOS XR Software Intermediate System to Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate SystemtoIntermediate System ISIS routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same ISIS area to cause a denial of service DoS condition. The vulnerability is due to incorrect...