164 matches found
[SECURITY] Fedora 28 Update: gnupg-1.4.23-1.fc28
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
CVE-2016-6599
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...
CVE-2017-17843
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...
Enigmail Information Disclosure Vulnerability (CNVD-2018-00135)
Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. An information disclosure vulnerability exists in versions of Enigmail prior to 1.9.9. An attacker can exploit th...
NQ Contacts Backup&Restore Information Disclosure Vulnerability
NQ Contacts Backup&Restore application for Android is a set of data backup and recovery software based on Android platform. A security vulnerability exists in version 1.1 of the NQ Contacts Backup&Restore application for Android, which originates from the program's use of a DES encryption algorit...
Explained: security certificates
As a result of my PowerShell series 1,2,3, where I used the handling of certificates as an example, mainly because I wanted a method to keep track easier of which certificates were being added by malware, I've have received some questions about how security certificates work and how they stopped...
EternalPetya and the lost Salsa20 key
We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress, and the full report will be published soon. In this post, we will focus on some new important aspects of the current malware. The low-level attac...
Google Android - 'cfp_ropp_new_key_reenc' / 'cfp_ropp_new_key' RKP Memory Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel running in EL1 remains protected from exploit...
UBUNTU-CVE-2013-1430
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file /.vnc/sesman$usernamepasswd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...
SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...
MGASA-2016-0038 Updated chrony packages fix security vulnerability
In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...
Updated chrony packages fix security vulnerability
In chrony before 1.31.2, when used with symmetric key encryption, the client would accept packets encrypted with keys for any configured server, allowing a server to impersonate other servers to clients, thus performing a man-in-the-middle attack CVE-2016-1567...
Grinder - System to Automate the Fuzzing of Web Browsers
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...
[SECURITY] Fedora 19 Update: gnupg-1.4.15-1.fc19
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
[SECURITY] Fedora 20 Update: gnupg-1.4.15-1.fc20
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...
PT-2020-7479 · Gnome +3 · Gnome Evolution +4
Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.8.4 and earlier Evolution Data Server versions 3.9.5 and earlier Description: The issue is related to the gpg ctx add recipient function, which does not properly select the GPG key for email encryption. This might...
Fedora Update for gnupg FEDORA-2007-316
Check for the Version of gnupg OpenVAS Vulnerability Test Fedora Update for gnupg FEDORA-2007-316 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Guidance EnCase Enterprise uses weak authentication to identify target machines
Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...
[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1
GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...