80 matches found
British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data
British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1203)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1272)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS's implementation of HMAC- SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to...
EulerOS Virtualization 2.5.3 : gnutls (EulerOS-SA-2019-1272)
According to the version of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could u...
EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1112)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...
Amazon Linux 2 : gnutls (ALAS-2018-1120)
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...
[ASA-201809-4] strongswan: authentication bypass
Arch Linux Security Advisory ASA-201809-4 ========================================= Severity: High Date : 2018-09-24 CVE-ID : CVE-2018-16151 CVE-2018-16152 Package : strongswan Type : authentication bypass Remote : Yes Link : https://security.archlinux.org/AVG-769 Summary ======= The package...
Claroline 1.8.9 wiki/wiki.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
njRAT Attacks Spike Against Middle East High-Value Targets
Government agencies, telecom and energy organizations in the Middle East are being targeted by espionage malware known as njRAT. The remote access Trojan is thorough in its data-stealing capabilities. Beyond dropping a keylogger, variants are capable of accessing a computer’s camera, stealing...
Stolen Opera Code-Signing Certificate Used to Sign Malware
Opera Software said it was able to contain the impact of a security breach that resulted in the theft of an expired code-signing certificate used to sign malware distributed to Windows users during a 36-minute stretch on June 19. Opera developer Sigbjorn Vik said the browser maker was victimized ...
Chinese Hackers targeting American Drones under Operation Beebus
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones. These attacks exploited previously discovered...
Chinese Hackers targeting American Drones under Operation Beebus
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones. These attacks exploited previously discovered...
Comment Crew's Operation Beebus Stealing Drone Tech
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and their latest research suggests that whomever is responsible for the attacks is ultimately interested in stealing drone technology-related secrets. Operation Beebus is an APT-style attack campaign targeting...
Command injection
The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...
CVE-2008-1473
The Altiris Client Service AClient.exe in Symantec Altiris Deployment Solution 6.8.x before 6.9.164 allows local users to gain privileges via a "Shatter" style attack...
Code injection
The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack...
CVE-2006-4619
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the 1 IParam parameter, and the 2 PBMGETRANGE and 3 PBMSETRANGE messages in an unspecified progress bar. NOTE: some details are...
CVE-2006-4619
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the 1 IParam parameter, and the 2 PBMGETRANGE and 3 PBMSETRANGE messages in an unspecified progress bar. NOTE: some details are...
DEBIAN-CVE-2006-0294
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory...