2016 matches found
Ory fosite contains Improper Handling of Exceptional Conditions
Impact: The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this to her advantage depends on the ability to trigger errors in the store...
in cythron/tweango
✍️ Description The Django secret key was hard-coded in the GitHub repository, which is vulnerable as https://huntr.dev/bounties/1-other-cythron/Tweango/ accordingly. Since the GitHub public API monitors every single git commit that is made, an attacker can still find the key from commit lists. = It is...
CVE-2021-30482
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly...
CVE-2021-30482
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly...
Design/Logic Flaw
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly...
CVE-2021-30482
Affected software: JetBrains Upsource (prior to 2020.1.1883). The CVE-2021-30482 issue is that application passwords were not revoked correctly due to a flaw in Upsource’s password handling. Impact is stated as High risk; remediation: upgrade to version 2020.1.1883 or later where the issue is fix...
Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability (CVE-2020-1971)
Summary If an App Connect flow calls a URL at an endpoint controlled by a malicious user that also controls a Certificate Revocation List, those calls may trigger an application crash resulting in a denial of service. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable t...
CVE-2021-29653
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1...
Denial of service
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1...
CVE-2021-29653
CVE-2021-29653 affects HashiCorp Vault and Vault Enterprise versions starting from 1.5.1, where under certain circumstances revoked but unexpired certificates may be excluded from the Certificate Revocation List (CRL). This could impair revocation checks, depending on how the CRL is used by the V...
HashiCorp Vault Trust Management Issue Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (USA). A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions 1.5.1 and later, which stems from the ability to exclude revoked but unexpired certificates from the CRL...
PT-2021-18385 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.5.8; HashiCorp Vault and Vault Enterprise versions prior to 1.6.4; HashiCorp Vault and Vault Enterprise versions prior to 1.7.1. Description: The issue concerns the exclusion of revoked bu...
SUSE: Security Advisory (SUSE-SU-2021:0681-1)
The remote host is missing an update for the...
openSUSE Security Update : grub2 (openSUSE-2021-462)
This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation (bsc#1182057). CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711). CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize (bsc#1177883) -...
pki-core: Unprivileged users can renew any certificate
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...
OPENSUSE-SU-2021:0462-1 Security update for grub2
This update for grub2 fixes the following issues: grub2 implements the new 'SBAT' method for SHIM based secure boot revocation (bsc#1182057). CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711). CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize (bsc#1177883) -...
pki-core: Unprivileged users can renew any certificate
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...
UBUNTU-CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity...
pki-core Security Vulnerability
pki-core is a library that provides an API for PKI operations. A security vulnerability exists in pki-core, which can be exploited by an attacker to repeatedly update the corresponding certificate, as long as the certificate is not explicitly revoked...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1645)
The remote host is missing an update for the Huawei EulerOS...