
292 matches found

OSV
added 2022/05/24 5:17 p.m. | 23 views

GHSA-Q8QQ-2P5P-RG44 Missing SSH host key validation in Jenkins Amazon EC2 Plugin

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not use SSH host key validation when connecting to agents. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Jenkins Amazon EC2 Plugin 1.50.2 provides strategies for performing...

5.6 CVSS | 5.3 AI score | 0.001 EPSS
Exploits 0 | References 5
OSV
added 2022/05/24 5:10 p.m. | 31 views

GHSA-RV9G-67F7-GRQ7 Missing SSH host key validation in Mac Plugin

Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Mac Plugin 1.2.0 validates SSH host keys when...

6.8 CVSS | 7.3 AI score | 0.00034 EPSS
Exploits 0 | References 5
OSV
added 2022/05/13 1:30 a.m. | 1 views

GHSA-PFV2-37F7-9M6W Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...

7.5 CVSS | 7.2 AI score | 0.00141 EPSS
Exploits 0 | References 6
CVE
added 2022/04/12 9:7 a.m. | 99 views

CVE-2022-26380

CVE-2022-26380 affects Siemens SCALANCE X-300/ XR324/ XR324-12M family and related X-30x devices. An SNMP handling flaw allows an unauthenticated attacker to trigger a reboot by requesting specific SNMP information due to improper validation of SNMP keys (out-of-bounds read). Impact is reboot unle...

7.8 CVSS | 7.3 AI score | 0.00387 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2021/09/22 9:15 a.m. | 20 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9 CVSS | 0.0152 EPSS
Exploits 0 | References 11
UbuntuCve
added 2021/09/22 12:0 a.m. | 40 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9 CVSS | 6.8 AI score | 0.0152 EPSS
Exploits 0 | References 1
Kitploit
added 2021/08/31 12:30 p.m. | 534 views

Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They're Valid

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid. @Gwen001 has scripted the entire process available here and it can be found here Table of Contents ABTasty API Key Algolia API key Amplitude API Keys Asana Access token AWS Acce...

7.2 AI score
Exploits 0 | References 76
Debian CVE
added 2021/06/24 1:26 p.m. | 26 views

CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

4.3 CVSS | 5.4 AI score | 0.00087 EPSS
Exploits 0
Ubuntu
added 2021/05/11 10:31 p.m. | 183 views

USN-4948-1: Linux kernel (OEM) vulnerabilities

Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3489...

8.8 CVSS | 7.6 AI score | 0.0346 EPSS
Exploits 11
OSV
added 2021/05/11 9:41 p.m. | 3 views

USN-4947-1 linux-oem-5.6 vulnerabilities

Kiyin 尹亮 discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-35519 It was discovered that the fastrpc driver i...

7.8 CVSS | 6.9 AI score | 0.00112 EPSS
Exploits 0 | References 6
RedhatCVE
added 2021/04/14 8:32 a.m. | 29 views

CVE-2021-23992

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbi...

4.3 CVSS | 2.4 AI score | 0.00087 EPSS
Exploits 0 | References 3
RedHat Linux
added 2021/03/18 1:8 p.m. | 2 views

django: potential data leakage via malformed memcached keys

A flaw was found in Django, where the memcached backend does not perform key validation and passes malformed keys. This flaw causes a key collision and potential data leakage. The highest threat from this vulnerability is to confidentiality...

5.9 CVSS | 7.1 AI score | 0.04713 EPSS
Exploits 0 | References 5
OSV
added 2021/03/08 4:6 p.m. | 1 views

GHSA-R9P9-MRJM-926W Elliptic Uses a Broken or Risky Cryptographic Algorithm

The npm package elliptic before version 6.5.4 is vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential...

6.8 CVSS | 5.8 AI score | 0.03935 EPSS
Exploits 0 | References 7
Cvelist
added 2021/02/22 6:25 a.m. | 23 views

CVE-2020-11269

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

8.9 AI score | 0.00074 EPSS
Exploits 0 | References 1
CNNVD
added 2021/02/02 12:0 a.m. | 3 views

Indutny Elliptic Encryption Problem Vulnerability

Indutny Elliptic is a Javascript-based codebase from the Indutny individual developer that provides fast elliptic curve encryption for applications. Indutny Elliptic has a security vulnerability that stems from the lack of a check to validate the public key...

6.8 CVSS | 6.9 AI score | 0.03935 EPSS
Exploits 0 | References 8
Microsoft CVE
added 2020/10/13 7:0 a.m. | 34 views

Azure Functions Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly...

9.8 CVSS | 2.4 AI score | 0.02433 EPSS
Exploits 0
Github Security Blog
added 2020/06/05 4:20 p.m. | 92 views

Data leakage via cache key collision in Django

An issue was discovered in Django version 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage...

5.9 CVSS | 3.9 AI score | 0.04713 EPSS
Exploits 0 | References 15 | Affected Software 1
Tenable Nessus
added 2020/06/05 12:0 a.m. | 35 views

FreeBSD : Django -- multiple vulnerabilities (597d02ce-a66c-11ea-af32-080027846a02)

Django security release reports : CVE-2020-13254: Potential data leakage via malformed memcached keys In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. In order to avoid this vulnerability,...

6.1 CVSS | 6.8 AI score | 0.04713 EPSS
Exploits 0 | References 4
OSV
added 2020/06/04 12:57 p.m. | 2 views

USN-4381-2 python-django vulnerabilities

USN-4381-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of...

6.1 CVSS | 6.7 AI score | 0.04713 EPSS
Exploits 0 | References 3
Veracode
added 2020/06/04 4:24 a.m. | 29 views

Information Disclosure

django is vulnerable to information disclosure. The vulnerability exists as the add, get, set, delete, getmany, incr, decr operations in django/core/cache/backends/memcached.py do not properly validate the cache key...

5.9 CVSS | 1.4 AI score | 0.04713 EPSS
Exploits 0 | References 14 | Affected Software 4