CVE-2017-9604

It was found that KMail's Send Later with Delay function bypassed OpenPGP signing and encryption, causing the message to be sent unsigned and in plain-text. A remote attacker, with access to the user's network traffic, could potentially use this flaw to obtain sensitive information from the...

CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

DEBIAN-CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

Design/Logic Flaw

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

UBUNTU-CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2017-9604

CVE-2017-9604 details (Mode C): Affected software uses KDE PIM components: kmail and messagelib (KDE Applications before 17.04.2), with the issue occurring in the Send Later flow. The root cause is that the plugin’s sign/encrypt action is not guaranteed to occur during Send Later, enabling potent...

CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2017-9604

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2017-9469

An out-of-bound heap read was found in irssi's getfileparamscount function, during the parsing of a DCC SEND request. An IRC client connected to the same IRC network as the target could send a specially crafted request that would force irssi to read 1 byte outside of an allocated string, which...

picocom Command Injection Vulnerability

picocom is a minimal dumb terminal emulation program that can be used as a configuration demodulator configuration, testing and debugging tool. A command injection vulnerability exists in the 'send and receive file' command in versions of picocom prior to 2.0. An attacker can exploit this...

UBUNTU-CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

DEBIAN-CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

DEBIAN-CVE-2017-9074

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service out-of-bounds read and BUG or possibly have unspecified other impact via crafted socket...

KDE 4/5 - 'KAuth' Local Privilege Escalation

// cc -Wall smb0k.c -pedantic -std=c11 // // smb4k PoC, also demonstrating broader scope of a generic kde // authentication bypass vulnerability // // C 2017 Sebastian Krahmer // define POSIXCSOURCE 200112L include include include include include include include include include void dieconst char...

Security Bypass Vulnerability in Multiple Samsung Phones

Samsung SM-G920F Galaxy S6 and others are smartphones released by the South Korean company Samsung Samsung. A security bypass vulnerability exists in several Samsung phones. An attacker can use the vulnerability to make a call, send a text message or issue a command...

Gratipay: Unauthorized access to the slack channel via inside.gratipay.com/appendices/chat

Summary It is possible to force send invites for gratipay slack channel to arbitary email ids with no bruteforce limit. This is done by modifying the coc parameter to 1 in the POST data sent from https://inside.gratipay.com/appendices/chat Description Sending a post request with coc parameter set...

TP-Link TL-SG108E Certificate Disclosure Vulnerability

The TP-Link TL-SG108E is a Gigabit Ethernet switch. A security vulnerability exists in the TP-Link TL-SG108E. A remote attacker can exploit the vulnerability to read 'SEND data' logs and retrieve certificates...