555 matches found
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
...
MapUrlToZone Security Feature Bypass Vulnerability
...
DLA-3988-1 jinja2 - security update
Bulletin has no description...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
...
A Bootiful Podcast: Spring Security lead Rob Winch on the amazing Spring Security 6.4 release
Hi, Spring fans! In this installment, we'll talk to the amazing Rob Winch, lead of Spring Security 6.4, about the jam-packed new release! spring springboot security java...
JVN#43845108: Multiple FCNT Android devices vulnerable to authentication bypass
Multiple FCNT Android devices provide security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. The devices contain an authentication bypass vulnerability CWE-306, where, under certain conditions, the setting pages may be accessed without...
Improper Authorization
magento/community-edition is vulnerable to Improper Authorization. The vulnerability is due to improper authorization mechanisms in the affected versions of Adobe Commerce, allows attackers to exploit security features that should restrict access based on user privileges...
Adobe Commerce Competitive Conditions Vulnerability
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A competitive condition vulnerability exists in Adobe Commerce that could be exploited by an attacker to cause a security feature bypass...
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials. "The mechanisms include using malformed ZIP files in combination wit...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
CVE-2024-45313
Summary: CVE-2024-45313 affects Overleaf Server Pro when installed via the Overleaf Toolkit or legacy docker-compose deployments prior to mid-2024. By default, LaTeX compiles could access the sharelatex container resources (filesystem, network, environment variables) if security features were not...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2024-37339)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An access control error...
CVE-2024-41909
A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security...
GHSA-RF4Q-M23C-7Q8R Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery CSRF vulnerability that could allow an attacker to bypass security features and perform minor unauthorised actions on behalf of a user. The vulnerability could be exploited...
Magento Improper Authorization Leading to Security feature bypass
Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and disclose minor information...
Microsoft SmartScreen 安全漏洞
Microsoft SmartScreen is a Microsoft-developed security technology designed to help users identify and block potential malware and phishing attacks. A security vulnerability exists in Microsoft SmartScreen. An attacker could exploit the vulnerability to bypass certain features. The following...
CVE-2024-41909 Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...
Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2024-33892)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...
kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...