1617 matches found

IBM Security Bulletins
added 2023/02/14 9:14 p.m. · 39 views

Security Bulletin: IBM CICS TX Standard is vulnerable to a back and refresh attack (CVE-2022-33955)

Summary: IBM CICS TX could allow an attacker with physical access to the system to execute code using a back and refresh attack. The fix removes this vulnerability, CVE-2022-33955, from IBM CICS TX Standard. Vulnerability Details: CVEID: CVE-2022-33955 DESCRIPTION: IBM CICS TX could allow...

6.8 CVSS · 5.3 AI score · 0.00512 EPSS
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/02/14 9:04 p.m. · 35 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to a back and refresh attack (CVE-2022-33955)

Summary: IBM CICS TX could allow an attacker with physical access to the system to execute code using a back and refresh attack. The fix removes this vulnerability, CVE-2022-33955, from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2022-33955 DESCRIPTION: IBM CICS TX could allow...

6.8 CVSS · 5.3 AI score · 0.00512 EPSS
Exploits 0 · Affected Software 1
Hacker One
added 2023/02/14 5:34 p.m. · 63 views

Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes

A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...

7.1 CVSS · 6.8 AI score · 0.00585 EPSS
Exploits 1
OSV
added 2023/02/11 1:23 a.m. · 3 views

CVE-2022-34392

SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which allows reuse of the access token to fetch sensitive information...

5.5 CVSS · 5.7 AI score
Exploits 0 · References 1
NVD
added 2023/02/11 1:23 a.m. · 10 views

CVE-2022-34392

SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which allows reuse of the access token to fetch sensitive information...

5.5 CVSS · 5.3 AI score · 0.00164 EPSS
Exploits 0 · References 1
Prion
added 2023/02/11 1:23 a.m. · 19 views

Session fixation

SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which allows reuse of the access token to fetch sensitive information...

1.7 CVSS · 5.4 AI score · 0.00164 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/02/10 8:26 p.m. · 30 views

CVE-2022-34392

SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user may be able to obtain the refresh token, which allows reuse of the access token to fetch sensitive information...

5.5 CVSS · 5.6 AI score · 0.00164 EPSS
Exploits 0 · References 1
MSRC
added 2023/02/08 8:00 a.m. · 11 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center (MSRC) blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...

0.3 AI score
Exploits 0
RedHat Linux
added 2023/01/23 3:27 p.m. · 3 views

postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names

A flaw was found in PostgreSQL. This flaw allows an attacker to benefit from a missing character escape, leading to a SQL injection attack through the Java.sql.ResultRow.refreshRow implementation from PGSQL...

8 CVSS · 7.3 AI score · 0.01662 EPSS
Exploits 1 · References 5
Code423n4
added 2023/01/20 12:00 a.m. · 8 views

Redemptions during undercollateralization can be hot-swapped to steal all funds

Lines of code: Vulnerability details: Impact: During recollateralization, a basket switch, or any time the protocol collateral isn't sound, a user can have almost their entire redemption transaction hot-swapped for nothing. For example, trying to redeem 1M collateral for 1M rTokens could have the user end up...

6.7 AI score
Exploits 0
Positive Technologies
added 2023/01/17 12:00 a.m. · 3 views

PT-2023-33652 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16. Description: The issue is related to the drm/amd/display component, where DRR actions are not properly disabled during state commit. The actual impact and attack plausibility have not yet been proven...

7.2 AI score
Exploits 0 · References 1
Cvelist
added 2023/01/11 7:42 p.m. · 37 views

CVE-2023-22492 RefreshToken invalidation vulnerability

ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...

5.9 CVSS · 5.9 AI score · 0.00599 EPSS
Exploits 0 · References 3
OSV
added 2023/01/11 6:27 p.m. · 34 views

GHSA-6RRR-78XP-5JP8 Zitadel RefreshToken invalidation vulnerability

Impact: RefreshTokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...

5.9 CVSS · 5.6 AI score · 0.00599 EPSS
Exploits 0 · References 7
CNNVD
added 2023/01/11 12:00 a.m. · 20 views

ZITADEL code issue vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 2.17.3 and earlier, 2.16.4 and earlier, which stems from allowing a...

5.9 CVSS · 5.9 AI score · 0.00599 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/01/11 12:00 a.m. · 6 views

PT-2023-18543 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.16.4; ZITADEL versions prior to 2.17.3. Description: ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's...

5.9 CVSS · 5.6 AI score · 0.00599 EPSS
Exploits 0 · References 10
Filippo.io
added 2023/01/08 6:29 p.m. · 29 views

ssh whoami.filippo.io

I updated the whoami.filippo.io dataset over the holidays, so it should be pretty accurate at least for a little while. If you already know what I'm talking about, below are some tidbits about how I fetched the new dataset and how it's stored. If you don't, stop reading, and run this. I'll wait. $ ss...

6.8 AI score
Exploits 0
IBM Security Bulletins
added 2023/01/04 4:12 p.m. · 72 views

Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)

Summary: IBM has addressed the CVE, which potentially affects the JDBC, IMS Callout and JMS components. Vulnerability Details: CVEID: CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service...

5.3 CVSS · 5.5 AI score · 0.01746 EPSS
Exploits 0 · Affected Software 4
OSV
added 2023/01/03 7:21 p.m. · 5 views

SUSE-SU-2023:0023-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: add option to turn off system token support (bsc1205089); update the lastseenat column on zypper service refresh; do not retry to import non-existing files in air-gapped mode (bsc1204769); CVE-2022-31254: Fixed a loca...

7.8 CVSS · 7.7 AI score · 0.00248 EPSS
Exploits 1 · References 5
OSV
added 2023/01/03 7:19 p.m. · 5 views

SUSE-SU-2023:0021-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: add option to turn off system token support (bsc1205089); update the lastseenat column on zypper service refresh; do not retry to import non-existing files in air-gapped mode (bsc1204769); CVE-2022-31254: Fixed a loca...

7.8 CVSS · 7.7 AI score · 0.00248 EPSS
Exploits 1 · References 5
OSV
added 2023/01/03 7:19 p.m. · 7 views

SUSE-SU-2023:0020-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: add option to turn off system token support (bsc1205089); update the lastseenat column on zypper service refresh; do not retry to import non-existing files in air-gapped mode (bsc1204769); CVE-2022-31254: Fixed a loca...

7.8 CVSS · 7.7 AI score · 0.00248 EPSS
Exploits 1 · References 5