121 matches found
GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch
Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
WordPress Simple JWT Login plugin Access Control Error Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in the WordPress Simple JWT Login plugin in versions prior to...
The vulnerability of the authentication system for web applications, LemonLDAP::NG, related to an error in processing authentication keys, allows attackers to perform spear-phishing attacks.
The vulnerability of the authentication system for web applications related to the error in processing authentication keys controlled by users. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
DEBIAN-CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
Design/Logic Flaw
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
UBUNTU-CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
CVE-2021-31866
CVE-2021-31866 affects Redmine before 4.0.9 and 4.1.x before 4.1.3. An attacker can learn internal authentication keys by observing timing differences in string comparisons in SysController and MailHandlerController, causing information disclosure. Affected product is Redmine (web-based project m...
PT-2021-4587 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.8 Redmine versions 4.1.0 through 4.1.2 Description: The issue is related to a timing difference in string comparison operations within SysController and MailHandlerController, allowing an attacker to learn...
[SECURITY] Fedora 32 Update: apt-2.1.7-1.fc32
This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...
GDPR.EU has er… a data leakage issue
GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to comply with GDPR. Whilst it isn’t an official EU Commission site, it is partly funded by the EU. You may also be familiar with Proton...
Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys Vulnerability
Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction. Title: Cellebrite Hardcoded ADB Authentication Keys Publicatio...
CVE-2019-16204
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...
CVE-2019-16204
Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...
CVE-2019-16204
The CVE-2019-16204 issue affects Brocade Fabric OS prior to versions 7.4.2f, 8.2.2a, 8.1.2j, and 8.2.1d. The vulnerability allows exposure of external passwords, common secrets, or authentication keys used between the switch and an external server. Root cause: information disclosure via insecure ...
The vulnerability of the package for configuring the cloud-init process in Linux operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the cloud-init configuration package for Linux operating systems is related to an error in the handling of authentication keys controlled by the user. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
Examining Pointer Authentication on the iPhone XS
Posted by Brandon Azad, Project Zero In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel...
Unspecified Vulnerability in ECOS Secure Boot Stick (CNVD-2019-38284)
The ECOS Secure Boot Stick a.k.a. SBS is a security device from ECOS TECHNOLOGY, Germany for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit the vulnerability to take contro...
Unspecified Vulnerability in ECOS System Management Appliance
ECOS System Management Appliance a.k.a. SMA is a virtual appliance from ECOS TECHNOLOGY, Germany, for centralized management of ECOS products, which is capable of running on VMware, Crtrix XenServer, and Hyper-V. A security vulnerability exists in ECOS SMA version 5.2.68 that stems from a failure...