102 matches found
CVE-2020-26816
SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...
CVE-2020-26816
The CVE-2020-26816 issue affects SAP NetWeaver AS Java Key Storage Service. Key material is stored in DER-encoded format in the database and is not encrypted, enabling an administrator to decode the keys and potentially access application data and client credentials of adjacent systems, impacting...
GHSA-5JPF-PJ32-XX53 Authorization header is not sanitized in an error object in auth0
Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...
CVE-2019-18248
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Design/Logic Flaw
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...
CVE-2019-3800
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
Design/Logic Flaw
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800 CF CLI writes the client id and secret to config file
CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...
CVE-2019-3800
CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...
CVE-2019-3800: CF CLI writes the client id and secret to config file | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. CF CLI All versions prior to v6.45.0 CF CLI Release All versions prior to v1.16.0 CF Networking Release All versions Prior to v2.23.0 CF Routing Release All...
CentOS Update for elinks CESA-2013:0250 centos6
Check for the Version of elinks OpenVAS Vulnerability Test CentOS Update for elinks CESA-2013:0250 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for elinks CESA-2013:0250 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for elinks CESA-2013:0250 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 5 / 6 : elinks (RHSA-2013:0250)
An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)
It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. CVE-2012-4545 %NASLMINLEVEL...
CentOS 5 / 6 : elinks (CESA-2013:0250)
An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
elinks: Improper delegation of client credentials during GSS negotiation
The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...
After Damaging Reports, Electronics Manufacturing Giant Foxconn Is Hacked
Members of an online hacking group that calls itself SwaggSec say they hacked systems belonging to Chinese electronics manufacturing giant Foxconn and made off with login credentials belonging to some of the company’s biggest clients. Foxconn has declined to comment. The incident comes in the wak...