2016 matches found
Insecure Access Control
cockpit has insecure access control. The vulnerability exists due to a flaw was found in Cockpit allowing client certificates to authenticate successfully, regardless of the Certificate Revocation List CRL configuration or the certificate status...
CVE-2022-22173
A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon pkid of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service DoS. In a scenario where Public Key Infrastructure PKI is used in combination with...
CVE-2022-22173
A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon pkid of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service DoS. In a scenario where Public Key Infrastructure PKI is used in combination with...
PT-2025-8224
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock issue has been identified in the Linux kernel related to the Ceph file system. The issue occurs when a file is created with O RDWR and a request is sent to the...
New BLISTER Malware Using Code Signing Certificates to Evade Detection
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has...
UBUNTU-CVE-2021-39945
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project...
PT-2021-23938 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.11 Description: A vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature in Discourse, an open source discussion platform. This feature allows a tag group ...
Improper Privilege Management in Apache Ozone
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked...
PT-2021-21257 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows authenticated users with permission to the key to retrieve initially generated block tokens from the metadata database. These tokens can be used even after access has been...
CVE-2021-41312
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors...
UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forge
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports. Two days earlier, on...
F5 Networks BIG-IP : cURL vulnerability (K15402727)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K15402727 advisory. curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...
PT-2021-22383 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0 Description: The issue is related to a Broken Access Control vulnerability in the issue notification feature, allowing users who have watched an issue to continue receiving update...
DEBIAN-CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...
CVE-2021-34434
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked...
Cockpit 信任管理问题漏洞
Cockpit is an interactive server management interface. A security vulnerability exists in Cockpit that allows client certificates to be successfully authenticated regardless of certificate revocation list CRL configuration or certificate status...
CVE-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
CVE-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...