95 matches found
MAL-2025-16013 Malicious code in boulder-butterfly-uff542-project (npm)
The package boulder-butterfly-uff542-project was found to contain malicious code...
MAL-2025-16019 Malicious code in boulder-igloo-bzd590-project (npm)
The package boulder-igloo-bzd590-project was found to contain malicious code...
Malicious code in boulder-tb2z4-vn8c6-bison-project (npm)
The package boulder-tb2z4-vn8c6-bison-project was found to contain malicious code...
MAL-2025-16014 Malicious code in boulder-caravan-wix752-project (npm)
The package boulder-caravan-wix752-project was found to contain malicious code...
MAL-2025-14916 Malicious code in aspen-boulder-hpk856-project (npm)
The package aspen-boulder-hpk856-project was found to contain malicious code...
[SECURITY] Fedora 36 Update: golang-github-letsencrypt-pebble-2.3.1-5.fc36
A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server n ot suited for a production certificate authority...
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...
Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...
Researchers exploit LTE flaws to send 50,000 fake presidential alerts
By Waqas Researchers managed to cover a 50,000 seat football stadium using only four malicious portable stations. A group of security researchers from the University of Colorado Boulder has published a paper detailing the findings of their latest research revealing that LTE vulnerabilities can he...
Man-in-the-Middle (MitM)
github.com/letsencrypt/boulder is vulnerable to man-in-the-middle MitM attacks. The application is configured to assign X509 certificates over http, allowing a malicious user to intercept and inject their own certificate...
Non-expiring Signatures
github.com/letsencrypt/boulder is vulnerable to non-expiring signatures. A malicious user can use an old signature and submit it to the application to be authenticated...
Authentication Bypass
github.com/letsencrypt/boulder is vulnerable to authentication bypass. A malicious user can bypass validation by passing an RSA key such that the RSA key matches the signature of a still-provisioned resource on the target domain...
video.dailycamera.com XSS vulnerability
Vulnerable URL: http://video.dailycamera.com/Anti-Trump-Marchers-Block-the-Highway-into-Boulder-Colorado-31625969?playlistId="// Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 12:45 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
Giant Boulder of Death - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Giant Boulder of Death published at the 'play' market has multiple vulnerabilities...
Drone Application Privacy, Security Shortcomings
This Threatpost op-ed is part of a series of guest contributions from computer security research and policy experts. Today, we feature Kaspersky Lab’s Kurt Baumgartner. Boulder, Colorado’s Open Space and Mountain Parks winter photo gallery displays parts of the beautiful and productive 45,000-plu...