57 matches found
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
Denial Of Service (DoS)
eap7 is vulnerable to denial of service. The vulnerability exists due to a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal...
Qualcomm Component Code Issue Vulnerability
The Qualcomm Component is a component of Qualcomm Incorporated (USA), comprising the intrinsic parts that provide the functionality of Qualcomm devices. A code issue vulnerability exists in the Qualcomm Component that arises from memory corruption during buffer allocation due to dereferencing the session ct...
CVE-2020-21993
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site...
Ivanti Workspace Manager Security Bypass Vulnerability
Ivanti Workspace Manager Security Bypass Vulnerability. Remarks: CVE-2019-10885 - 0day. An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security...
Ivanti Workspace Manager Security Bypass
Remarks: CVE-2019-10885 - 0day. An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the...
CVE-2019-7671
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a user's browser session in the context of an affected site...
CVE-2019-10885
An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass Workspace Control security features configured for this session by resetting the session context...
CVE-2019-10885
Summary: CVE-2019-10885 affects Ivanti Workspace Control prior to 10.3.90.0. Local authenticated users with low privileges in a Workspace Control managed session can bypass security features by resetting the session context. What’s affected: Ivanti Workspace Control (Workspace Manager) clients an...
Zero Trust part 1: Identity and access management
Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, I'll define Zero Trust and then discuss the first step to enabling a Zero Trust model: strong identity and access management. In subsequent blogs, we'll cove...
Microsoft Windows Local Elevation of Privilege Vulnerability (CNVD-2017-13007)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A local elevation of privilege vulnerability exists in Microsoft Windows. A local attacker could exploit this vulnerability to execute arbitrary code in the context of another user's session...
[ MDVSA-2014:026 ] openldap
Mandriva Linux Security Advisory MDVSA-2014:026 http://www.mandriva.com/en/support/security/ Package: openldap. Date: February 12, 2014. Affected: Business Server 1.0, Enterprise Server 5.0. Problem Description: A vulnerability has been discovered and...
CVE-2013-4449
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by...