Information disclosure

An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential? on an Azure AD Application or Service Principal which is not recommended. This vulnerability allows a user or service in the...

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...

PT-2021-4858 · Microsoft · Azure Site Recovery +3

Name of the Vulnerable Software and Affected Versions: Azure Active Directory AAD affected versions not specified Azure Automation affected versions not specified Azure Site Recovery affected versions not specified Azure Migrate affected versions not specified Description: The issue is related to...

ARM Mbed TLS Trust Management Issue Vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption capabilities for mbed products. A security vulnerability exists in ARM Mbed TLS versions prior to 2.24.0, which can be exploited by remote attackers to recover private key data...

SerenityOS 缓冲区错误漏洞

SerenityOS is a graphical Unix-like operating system for x86 computers. A buffer overflow vulnerability exists in /Userland/Libraries/LibCrypto/ASN1/DER.h in SerenityOS. An attacker can exploit this vulnerability to obtain sensitive information by parsing the RSA key ASN.1...

CVE-2020-25856

The function DecWPA2KeyData in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 up to and excluding 2.08 does not validate the size parameter for an rtlmemcpy operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ipa Multiple Vulnerabilities (NS-SA-2020-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ipa packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA master...

CVE-2019-14867

A flaw was found in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code ...

Walmart Labs Concord Information Disclosure Vulnerability

Walmart Labs Concord is a workflow server. The product is mainly used for workflow orchestration and continuous deployment management, among other things. A security vulnerability exists in Walmart Labs Concord versions prior to 1.44.0. A remote attacker can exploit the vulnerability to obtain...

EulerOS 2.0 SP5 : ipa (EulerOS-SA-2020-1107)

According to the version of the ipa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal...

CVE-2019-14867

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

CVE-2019-14867

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

Information leakage vulnerability in Qibo CMS

Qibo CMS system uses the core + plug-in + channel module system architecture, while then combined with visual labeling technology, can be evolved into a variety of corporate, government, education, units, school websites. Qibo CMS has an information leakage vulnerability that can be exploited by...

Sensitive Data Exposure in pem

Versions of pem before 1.13.2 expose sensitive data when the readPkcs12 is used. The readPkcs12 function reads the certificate and key data from a pkcs12 file using the encryption password. As part of this process it creates a globally readable file with a filename of 20 random 0-f characters in...

Use-After-Free

Mozilla Network Security ServicesNSS is vulnerable to use-after-free attacks. This allows remote attackers to case denial of service via crafted key data with DER encoding...

openSUSE Security Update : hostapd (openSUSE-2018-1293)

hostapd was updated to fix following security issue : - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data bsc1104205 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Security update for hostapd (low)

hostapd was updated to fix following security issue: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data bsc1104205...

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...