531 matches found
Input validation
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...
CVE-2020-24432
Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...
Design/Logic Flaw
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
CVE-2020-4785
CVE-2020-4785 affects IBM App Connect Enterprise Certified Container Dashboard (versions 1.0.0–1.0.4 with Operator). The vulnerability allows a remote attacker to hijack a victim’s click actions (clickjacking) by luring the user to a malicious site, potentially enabling further attacks. IBM’s bul...
Security Bulletin: App Connect Enterprise Certified Container Dashboard is vulnerable to clickjacking (CVE-2020-4785)
Summary App Connect Enterprise Certified Container Dashboard is vulnerable to a clickjacking attack that may cause an information leak. Vulnerability Details CVEID: CVE-2020-4785 DESCRIPTION: IBM App Connect Enterprise Certified Container could allow a remote attacker to hijack the clicking actio...
Auto-Discover and Secure Middleware Instances in Your Environment
Enterprise middleware plays a critical role in bringing together many moving parts within an organization, ensuring efficient collaboration, seamless integration and interoperability. A systematic evaluation of middleware architectures is important to thoroughly assess the overall security and...
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2019-11324
Summary The App Connect Enterprise Certified Container Dashboard is vulnerable to CVE-2019-11324 through its use of CouchDB for storing flow data, where the Operator is installed in a Restricted Network cluster. Vulnerability Details CVEID: CVE-2019-11324 DESCRIPTION: urllib3 could allow a remote...
Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities
Summary App Connect Enterprise Certified Container is vulnerable to CVE-2020-10531, CVE-2020-11080, CVE-2020-8174, CVE-2020-8172 in Node.js Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which i...
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to a regular expression infinite loop (NODE-SECURITY-1488)
Summary App Connect Enterprise Certified Container is vulnerable to a regular expression infinite loop that would cause the Designer UI to become unresponsive. Vulnerability Details Third Party Entry: 177309 DESCRIPTION: Node.js acorn module denial of service CVSS Base score: 5.3 CVSS Temporal...
360lock Smart Lock Review
Two years ago I helped kick start a smart lock, the 360lock. It finally arrived this week. It has different modules like a keybox below and a bike chain. I originally live tweeted the hack on Tuesday Sep 8, 2020. So, how good is it? Blockchain integration! According to the website the 360lock has...
almaktabaeltayeba.com Cross Site Scripting vulnerability OBB-1268577
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620)
Summary Multiple vulnerabilities were found within IBM MQ which is packaged with the IBM MQ certified container. Vulnerability Details CVEID: CVE-2019-4655 DESCRIPTION: IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow ...
Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596)
Summary A vulnerability was discovered in golang which is used to create the control programs used by IBM MQ certified container. Vulnerability Details CVEID: CVE-2019-17596 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA public key. By...
ALPINE-CVE-2019-18610
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface AMI user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syst...
CVE-2019-18976
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...
CVE-2019-18790
An issue was discovered in channels/chansip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls...
Null pointer dereference
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...
CVE-2019-18976
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...
CVE-2019-18976
An issue was discovered in respjsipt38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940...
CVE-2019-18976
CVE-2019-18976 affects Sangoma Asterisk and Certified Asterisk up to 13.x; a NULL pointer dereference and crash can occur when receiving a re-invite that initiates T.38 faxing if the SDP has a port of 0 and no c-line. Public details confirm the affected file is res_pjsip_t38.c and the issue is a ...