
2017 matches found

CVE
added 2022/04/01 7:40 a.m. | 97 views

CVE-2021-36775

CVE-2021-36775 is an Improper Access Control issue in SUSE Rancher. The vulnerability allows users to retain privileges that should have been revoked. Affected Rancher versions are prior to 2.4.18, prior to 2.5.12, and prior to 2.6.3. Patched releases are 2.4.18, 2.5.12, 2.6.3 and later. This adv...

8.8 CVSS | 8.6 AI score | 0.00278 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2022/04/01 12:0 a.m. | 2 views

IBM Sterling Partner Engagement Manager security vulnerability

IBM Sterling Partner Engagement Manager is an automation management tool from IBM, U.S.A. An access control error vulnerability exists in IBM Sterling Partner Engagement Manager version 6.2.0, which stems from the lack of a revocation mechanism for JWT tokens. An attacker could exploit the...

7.5 CVSS | 5.6 AI score | 0.00238 EPSS
Exploits 0 | References 3
IBM Security Bulletins
added 2022/03/31 12:4 p.m. | 27 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to impersonation attack (CVE-2022-22332)

Summary IBM Sterling Partner Engagement Manager CVE-2022-22332 is vulnerable to impersonation attack due to weakness in the JWT token used as an authentication mechanism in the APIs. The issue has been addressed. Vulnerability Details CVEID: CVE-2022-22332 DESCRIPTION: IBM Sterling Partner...

7.5 CVSS | 7.3 AI score | 0.00238 EPSS
Exploits 0 | Affected Software 1
ATTACKERKB
added 2022/03/31 12:0 a.m. | 3 views

CVE-2022-22332

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131...

7.5 CVSS | 6.5 AI score | 0.00238 EPSS
Exploits 0 | References 3 | Affected Software 1
Microsoft CVE
added 2022/03/15 7:0 a.m. | 2 views

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.

...

7.5 CVSS | 7.7 AI score | 0.00114 EPSS
Exploits 0
Cvelist
added 2022/03/10 7:20 p.m. | 26 views

CVE-2022-23041

Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...

7.5 AI score | 0.00078 EPSS
Exploits 0 | References 2
OSV
added 2022/03/10 5:45 p.m. | 0 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

3.7 CVSS | 5.8 AI score
Exploits 0 | References 6
ATTACKERKB
added 2022/03/10 5:45 p.m. | 5 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.3 CVSS | 5.8 AI score | 0.0041 EPSS
Exploits 0 | References 7 | Affected Software 1
NVD
added 2022/03/10 5:45 p.m. | 8 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.3 CVSS | 0.0041 EPSS
Exploits 0 | References 6
Prion
added 2022/03/10 5:45 p.m. | 11 views

Input validation

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.3 CVSS | 4.3 AI score | 0.0041 EPSS
Exploits 0 | References 6 | Affected Software 2
OSV
added 2022/03/10 5:42 p.m. | 1 views

DEBIAN-CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

7.5 CVSS | 6.5 AI score | 0.00114 EPSS
Exploits 0 | References 1
Prion
added 2022/03/10 5:42 p.m. | 21 views

Design/Logic Flaw

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

5 CVSS | 7.1 AI score | 0.00114 EPSS
Exploits 0 | References 1 | Affected Software 2
OSV
added 2022/03/10 5:42 p.m. | 1 views

UBUNTU-CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

7.5 CVSS | 7.2 AI score | 0.00114 EPSS
Exploits 0 | References 3
Cvelist
added 2022/03/07 9:0 a.m. | 14 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.6 AI score | 0.0041 EPSS
Exploits 0 | References 6
CVE
added 2022/03/07 9:0 a.m. | 85 views

CVE-2022-21170

The CVE-2022-21170 issue is an improper certificate revocation check (CWE-299) in Digital Arts i-FILTER and associated products. A remote attacker could perform a man-in-the-middle attack to eavesdrop on TLS traffic. Affected: i-FILTER Ver.10.45R01 and earlier; i-FILTER Ver.9.50R10 and earlier; i...

4.3 CVSS | 4.4 AI score | 0.0041 EPSS
Exploits 0 | References 6 | Affected Software 1
Japan Vulnerability Notes
added 2022/03/04 5:12 a.m. | 4 views

i-FILTER vulnerable to improper check for certificate revocation

Overview i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299). Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early...

4.8 CVSS | 6.5 AI score | 0.0041 EPSS
Exploits 0 | References 9
CNNVD
added 2022/03/04 12:0 a.m. | 4 views

Digital Arts i-FILTER trust management issue vulnerability

Digital Arts i-FILTER is a web filtering software from Digital Arts Japan. It is used to counter targeted attacks. A security vulnerability exists in Digital Arts i-FILTER that originates from improper certificate revocation checks. A remote attacker could exploit the vulnerability to conduct a...

4.3 CVSS | 5.2 AI score | 0.0041 EPSS
Exploits 0 | References 9
Japan Vulnerability Notes
added 2022/03/04 12:0 a.m. | 27 views

JVN#33214411: i-FILTER vulnerable to improper check for certificate revocation

i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299). Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the software and add settings Update the software to the latest version...

4.3 CVSS | 4 AI score | 0.0041 EPSS
Exploits 0
Hacker One
added 2022/02/13 7:31 a.m. | 23 views

8x8 Bounty: jaas.8x8.vc: Removed users can still have READ/WRITE access to the workspace via different API endpoints

An improper access control vulnerability was discovered in jaas.8x8.vc, where removed users could still have READ/WRITE access to the workspace via different API endpoints, if they were logged in and saved their session cookies. The issue was resolved by fixing the session management...

7 AI score
Exploits 0
Tenable Nessus
added 2022/02/09 12:0 a.m. | 42 views

AlmaLinux 8 : curl (ALSA-2021:1610)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1610 advisory. - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231 - A malicious server can u...

7.5 CVSS | 6.9 AI score | 0.00742 EPSS
Exploits 3 | References 5