Security Bulletin: IBM CICS TX Standard is vulnerable to a back and refresh attack (CVE-2022-33955)
Summary IBM CICS TX could allow an attacker with physical access to the system to execute code using a back and refresh attack. The fix removes this vulnerability (CVE-2022-33955) from IBM CICS TX Standard. Vulnerability Details CVEID: CVE-2022-33955 DESCRIPTION: IBM CICS TX could allow...
Security Bulletin: IBM CICS TX Advanced is vulnerable to a back and refresh attack (CVE-2022-33955)
Summary IBM CICS TX could allow an attacker with physical access to the system to execute code using a back and refresh attack. The fix removes this vulnerability (CVE-2022-33955) from IBM CICS TX Advanced. Vulnerability Details CVEID: CVE-2022-33955 DESCRIPTION: IBM CICS TX could allow...
Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes
A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...
CVE-2022-34392
SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token, reuse the access token and fetch sensitive information...
Session fixation
SupportAssist for Home PCs versions 3.11.4 and prior contain an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token, reuse the access token and fetch sensitive information...
New MSRC Blog Site
We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
A flaw was found in the PostgreSQL JDBC driver. Column names are not escaped in the java.sql.ResultSet.refreshRow() implementation, so an attacker who controls column names can carry out a SQL injection attack...
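The refreshRow() entry above turns on one detail: the driver rebuilt its SELECT from column names read back from the catalogue without quoting them, so a name chosen by whoever created the table became part of the statement. The following is an added Python example, not code from the PostgreSQL JDBC driver or any project on this page. It models the vulnerable query builder beside a hardened one and executes both against an in-memory SQLite database, which serves only as a stand-in executor; the quoting rule implemented is PostgreSQL's double-quote convention, which SQLite also accepts. The users and evil tables, the injected column name and the sample rows are constructed for this example.

```python
import sqlite3


def quote_ident(name):
    """PostgreSQL-style identifier quoting: wrap in double quotes and double
    any embedded double quote. Identifiers cannot be bound as parameters, so
    this is the only way to put an untrusted name into a statement safely."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def build_refresh_query_vulnerable(table, columns, key_column):
    """The flawed pattern: names from the catalogue are concatenated verbatim,
    so whoever named the columns also wrote part of the SELECT."""
    return "SELECT %s FROM %s WHERE %s = ?" % (", ".join(columns), table, key_column)


def build_refresh_query_hardened(table, columns, key_column):
    """The same statement with every identifier quoted."""
    return "SELECT %s FROM %s WHERE %s = ?" % (
        ", ".join(quote_ident(c) for c in columns),
        quote_ident(table),
        quote_ident(key_column),
    )


def column_names(conn, table):
    """Column names exactly as the catalogue reports them (SQLite stand-in)."""
    return [row[1] for row in conn.execute("PRAGMA table_info(%s)" % quote_ident(table))]


def demo():
    """Constructed scenario: a sensitive 'users' table and an attacker-created
    'evil' table whose column name carries SQL. Returns both generated
    statements and the rows each one actually produced."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT);
        INSERT INTO users VALUES (1, 'hash-a'), (2, 'hash-b');
        CREATE TABLE evil (
            id INTEGER PRIMARY KEY,
            "password_hash FROM users WHERE id = ? OR 1=1 --" TEXT
        );
        INSERT INTO evil VALUES (1, 'harmless');
    """)
    cols = column_names(conn, "evil")
    vuln_sql = build_refresh_query_vulnerable("evil", cols, "id")
    safe_sql = build_refresh_query_hardened("evil", cols, "id")
    # "Refresh" the row with id=1 of evil using each statement; the key is bound as ?.
    # In the vulnerable statement the column name rewrites the query to read
    # users and comments out the original FROM/WHERE; in the hardened one it
    # is just an oddly named column.
    leaked = conn.execute(vuln_sql, (1,)).fetchall()
    refreshed = conn.execute(safe_sql, (1,)).fetchall()
    return {"vuln_sql": vuln_sql, "safe_sql": safe_sql,
            "leaked": leaked, "refreshed": refreshed}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Note what the bound ? does not buy here: parameters can carry values, never identifiers, so the only defence for a column or table name is quoting (or matching it against an allowlist the attacker cannot extend, which does not help when the attacker is the one who wrote the catalogue entry).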
Redemptions during undercollateralization can be hot-swapped to steal all funds
Lines of code Vulnerability details Impact During recollateralization (a basket switch, when the protocol's collateral is not sound), a user can have almost their entire redemption transaction hot-swapped for nothing. For example, trying to redeem 1M collateral for 1M rTokens could have the user end up...
PT-2023-33652 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the drm/amd/display component, where DRR actions are not properly disabled during state commit. The actual impact and attack plausibility have not yet been proven...
CVE-2023-22492 RefreshToken invalidation vulnerability
ZITADEL is a combination of Auth0 and Keycloak. Refresh tokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without interacting with a UI. Refresh tokens were not invalidated when a user was locked or deactivated. The...
GHSA-6RRR-78XP-5JP8 Zitadel RefreshToken invalidation vulnerability
Impact Refresh tokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without interacting with a UI. Refresh tokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...
ZITADEL code issue vulnerability
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. A code issue vulnerability exists in ZITADEL versions 2.17.3 and earlier and 2.16.4 and earlier, which stems from allowing a...
PT-2023-18543 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.16.4 ZITADEL versions prior to 2.17.3 Description: ZITADEL is a combination of Auth0 and Keycloak. Refresh tokens are an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's...
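The SupportAssist entries (a non-admin user obtains the refresh token and keeps an access token usable) and the ZITADEL entries (refresh tokens still honoured after the user is locked or deactivated) describe the same missing control at the refresh_token grant: the server must re-check the account and the token's history every time it mints new access, not only at login. The following is an added Python model of that grant, not code from Dell, ZITADEL or any other project on this page; the AuthServer class, its store layout and the "family" grouping are assumptions of this example. It issues opaque refresh tokens stored only as digests, rotates them on every use with replay detection, keeps access tokens short-lived, and refuses the grant (revoking the whole lineage) when the user is no longer active.

```python
import hashlib
import secrets
import time

ACTIVE, LOCKED, DEACTIVATED = "active", "locked", "deactivated"


class RefreshDenied(Exception):
    pass


class AuthServer:
    """Toy authorization server modelling only the refresh_token grant.
    Refresh tokens are opaque random strings stored as SHA-256 digests; every
    token belongs to a 'family' created at login so one replay or one account
    lock can revoke the whole session lineage at once."""

    def __init__(self, refresh_ttl=30 * 24 * 3600, access_ttl=600):
        self.users = {}    # user_id -> ACTIVE / LOCKED / DEACTIVATED
        self.refresh = {}  # sha256(token) -> {"user", "family", "expires", "used"}
        self.refresh_ttl = refresh_ttl
        self.access_ttl = access_ttl

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def add_user(self, user_id):
        self.users[user_id] = ACTIVE

    def set_state(self, user_id, state):
        self.users[user_id] = state

    def _mint_refresh(self, user_id, family, now):
        token = secrets.token_urlsafe(32)
        self.refresh[self._digest(token)] = {"user": user_id, "family": family,
                                             "expires": now + self.refresh_ttl,
                                             "used": False}
        return token

    def _revoke_family(self, family):
        for digest in [d for d, r in self.refresh.items() if r["family"] == family]:
            del self.refresh[digest]

    def login(self, user_id, now=None):
        now = time.time() if now is None else now
        if self.users.get(user_id) != ACTIVE:
            raise RefreshDenied("user not active")
        return self._mint_refresh(user_id, secrets.token_hex(8), now)

    def logout(self, refresh_token):
        """Logout ends the whole lineage, not only the token presented."""
        rec = self.refresh.get(self._digest(refresh_token))
        if rec is not None:
            self._revoke_family(rec["family"])

    def exchange(self, refresh_token, now=None):
        """refresh_token grant: returns (access_token_claims, new_refresh_token)."""
        now = time.time() if now is None else now
        rec = self.refresh.get(self._digest(refresh_token))
        if rec is None or rec["expires"] <= now:
            raise RefreshDenied("unknown or expired refresh token")
        if rec["used"]:
            # Rotation makes refresh tokens single-use; seeing one twice means a
            # copy exists where it should not, so the whole family is revoked.
            self._revoke_family(rec["family"])
            raise RefreshDenied("refresh token reuse detected; session revoked")
        if self.users.get(rec["user"]) != ACTIVE:
            # The check the ZITADEL report describes as missing: a locked or
            # deactivated user must not turn a valid refresh token into access.
            self._revoke_family(rec["family"])
            raise RefreshDenied("user locked or deactivated")
        rec["used"] = True
        access = {"sub": rec["user"], "iat": now, "exp": now + self.access_ttl}
        return access, self._mint_refresh(rec["user"], rec["family"], now)


def demo(t0=1_700_000_000):
    """Constructed scenario; returns what each step produced."""
    srv = AuthServer()
    srv.add_user("alice")
    out = {}
    r1 = srv.login("alice", now=t0)
    access, r2 = srv.exchange(r1, now=t0 + 60)
    out["access"] = (access["sub"], access["exp"] - access["iat"])
    # r1 replayed (copied from disk, say): denied, and r2 dies with it.
    for label, token, when in (("replay_r1", r1, t0 + 120), ("r2_after", r2, t0 + 130)):
        try:
            srv.exchange(token, now=when)
            out[label] = "accepted"
        except RefreshDenied as e:
            out[label] = str(e)
    r3 = srv.login("alice", now=t0 + 200)
    srv.set_state("alice", LOCKED)  # account locked while r3 is outstanding
    try:
        srv.exchange(r3, now=t0 + 210)
        out["locked"] = "accepted"
    except RefreshDenied as e:
        out["locked"] = str(e)
    return out
```

The user-state check lives in exchange() rather than only in set_state() because the grant is the one place every refresh passes through; purging a user's tokens at lock time is good hygiene on top of that, but a lock applied through any path that forgets to purge would otherwise leave the tokens alive. The same logic applies to the SupportAssist case: a copied refresh token is worth little if it is single-use, its replay revokes the session, and access tokens expire in minutes.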
ssh whoami.filippo.io
I updated the whoami.filippo.io dataset over the holidays, so it should be pretty accurate at least for a little while. If you already know what I'm talking about, below are some tidbits about how I fetched the new dataset and how it's stored. If you don't, stop reading, and run this. I'll wait. $ ss...
Security Bulletin: IBM DataPower Gateway affected by vulnerability in Java (CVE-2022-21626)
Summary IBM has addressed the CVE, which potentially affects JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service...
SUSE-SU-2023:0023-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc#1205089 - Update the last_seen_at column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc#1204769 - CVE-2022-31254: Fixed a loca...
SUSE-SU-2023:0021-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc#1205089 - Update the last_seen_at column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc#1204769 - CVE-2022-31254: Fixed a loca...
SUSE-SU-2023:0020-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc#1205089 - Update the last_seen_at column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc#1204769 - CVE-2022-31254: Fixed a loca...