Lucene search
K

90 matches found

GoogleProjectZero
GoogleProjectZero
added 2023/08/02 12:0 a.m.30 views

MTE As Implemented, Part 2: Mitigation Case Studies

By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...

7.3AI score
Exploits0
OSV
OSV
added 2023/05/09 2:54 p.m.27 views

CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...

6.5CVSS6.3AI score0.00515EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2023/03/29 9:17 a.m.39 views

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors ... can be silent for years, show no network activity or any other signs of presence...

6.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.1 views

SUSE CVE-2017-7832

The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing...

5.3CVSS8.5AI score0.01514EPSS
Exploits0References4
NVD
NVD
added 2022/12/22 6:15 p.m.23 views

CVE-2022-23541

jsonwebtoken is an implementation of JSON Web Tokens. Versions = 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...

6.3CVSS0.00753EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.8 views

The vulnerability of the Ethernet encapsulation protocol lies in its ability to combine headers, which allows attackers to trigger a service failure or execute a Middleware Interception Attack (MITM).

The vulnerability of the Ethernet encapsulation protocol lies in the ability to combine headers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or execute a “Man-in-the-Middle” attack...

4.7CVSS5.6AI score0.0071EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/07/18 12:15 a.m.22 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS7.2AI score
Exploits0References1
OSV
OSV
added 2022/07/18 12:15 a.m.3 views

DEBIAN-CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS8.6AI score0.00927EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/07/18 12:15 a.m.36 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS7.2AI score0.00927EPSS
Exploits1References3
Prion
Prion
added 2022/07/18 12:15 a.m.26 views

Design/Logic Flaw

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

7.5CVSS9.6AI score0.00927EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/07/18 12:15 a.m.2 views

UBUNTU-CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS5.8AI score0.00927EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/07/18 12:0 a.m.8 views

The vulnerability of the Display Key Combination Fast Access swhkd implementation in the Wayland display server protocol involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the Display KeyCombination Scanner daemon in the Wayland display server protocol implementation is related to an uncontrolled resource consumption during syntax analysis of files with the -c parameter. Exploiting this vulnerability can allow attackers to cause service failure...

5.3CVSS5.9AI score0.00822EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2022/07/17 11:16 p.m.82 views

CVE-2021-40874

The vulnerability CVE-2021-40874 affects LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug‑in to run a REST password validation service (e.g., for another LemonLDAP::NG instance) and combining Kerberos authentication with another method via the Combination authentication plu...

9.8CVSS9.6AI score0.00927EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/17 12:0 a.m.5 views

PT-2022-11318 · Unknown · Lemonldap::Ng

Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG version 2.0.13 Description: An issue was discovered in LemonLDAP::NG when using the RESTServer plug-in for a REST password validation service and the Kerberos authentication method combined with another method using the...

9.8CVSS7.3AI score0.00927EPSS
Exploits1References10
Veracode
Veracode
added 2022/02/27 11:16 p.m.16 views

Access-Control Bypass

lemonldap is vulnerable to access control bypass. The vulnerability exists due to the RESTServer pwdConfirm always returns true with Combination + Kerberos...

9.8CVSS2.9AI score0.00927EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/30 12:0 a.m.6 views

PT-2021-24000 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.7.5 HashiCorp Vault and Vault Enterprise version 1.8.4 Description: The issue arises when templated ACL policies in HashiCorp Vault and Vault Enterprise match the first-created...

6.5CVSS7.6AI score0.01008EPSS
Exploits0References10
Packet Storm
Packet Storm
added 2021/01/27 12:0 a.m.342 views

Revive Adserver 5.1.0 Cross Site Scripting

======================================================================== Revive Adserver Security Advisory REVIVE-SA-2021-002 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2021-002...

6.3AI score0.22064EPSS
Exploits3
Packet Storm
Packet Storm
added 2020/04/21 12:0 a.m.106 views

QRadar Community Edition 7.3.1.6 Cross Site Scripting

------------------------------------------------------------------------ Reflected Cross-Site Scripting in QRadar Forensics link analysis page ------------------------------------------------------------------------ Yorick Koster, September 2019...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.11 views

Rockwell Automation 6 In 6 Out Combination Input/Output Module 1746-IO12 Discrete I/O

Binary data 753993.prm...

7.3AI score
Exploits0References1
NVD
NVD
added 2019/03/21 9:29 p.m.18 views

CVE-2018-20032

A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemo...

7.5CVSS8.5AI score0.02242EPSS
Exploits0References3
Rows per page
Query Builder