115 matches found
PT-2022-21780 · Unknown · Go-Resolver
Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG...
A CISO's Ultimate Security Validation Checklist
If you're heading out of the office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you're away? More importantly – do you have the right action plan in place for a seamless return? Whether you're on the way out of – or back to – t...
Information Disclosure
curl is vulnerable to information disclosure. The vulnerability exists due to improper security validations which allows an attacker to gain access to credentials of other servers...
Windows LSA Protection Status
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or...
HackerOne: Private invitation links/tokens leak to third-party analytics site
Summary: Private invite links are normally FILTERED before sending to third-party analytics sites. But it is seen that in few cases where the invitation link that requires users to accept NDA policy, the private invitation links are still sent to third party analytics site. Steps to reproduce 1...
CVE-2021-43620
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...
CVE-2021-43620
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...
CVE-2021-1929
Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
Privilege Escalation
libapache2-mod-auth-openidc is vulnerable to privilege escalation. The vulnerability exists due to oidcvalidateredirecturl does not parse URLs the same way as most browsers...
CVE-2021-1228 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
CVE-2021-1228 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
CVE-2020-11177
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...
[ASA-202102-22] helm: insufficient validation
Arch Linux Security Advisory ASA-202102-22 ========================================== Severity: Low Date : 2021-02-07 CVE-ID : CVE-2021-21303 Package : helm Type : insufficient validation Remote : No Link : https://security.archlinux.org/AVG-1539 Summary ======= The package helm before version...
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...
Insecure XML Parsing
github.com/crewjam/saml does not perform secure XML parsing. An attacker is able to forge part of a signed XML document due to a lack of validation...
Integer overflow
u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2020-3864
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...
Red Team — Automation or Simulation?
What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, t...
Binary Vulnerability in Siemens PLC at Siemens (China) Co.
Siemens is a global technology company that provides solutions for customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digitalization. A binary vulnerability...
Internet Bug Bounty: DirectoryIterator class silently truncates after a null byte
The bug submitted at: https://bugs.php.net/bug.php?id=78863 The security advisory at: https://nvd.nist.gov/vuln/detail/CVE-2019-11045 There's an issue with SPL PHP extension on splfilesystemobjectconstruct function. When creating a new DirectoryIterator object splfilesystemobjectconstruct functio...