90 matches found
MTE As Implemented, Part 2: Mitigation Case Studies
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...
CVE-2023-32060 DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events
DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker...
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors ... can be silent for years, show no network activity or any other signs of presence...
SUSE CVE-2017-7832
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing...
CVE-2022-23541
jsonwebtoken is an implementation of JSON Web Tokens. Versions = 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...
The vulnerability of the Ethernet encapsulation protocol lies in its ability to combine headers, which allows attackers to trigger a service failure or execute a Middleware Interception Attack (MITM).
The vulnerability of the Ethernet encapsulation protocol lies in the ability to combine headers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or execute a “Man-in-the-Middle” attack...
CVE-2021-40874
An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...
DEBIAN-CVE-2021-40874
An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...
CVE-2021-40874
An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...
Design/Logic Flaw
An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...
UBUNTU-CVE-2021-40874
An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...
The vulnerability of the Display Key Combination Fast Access swhkd implementation in the Wayland display server protocol involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the Display KeyCombination Scanner daemon in the Wayland display server protocol implementation is related to an uncontrolled resource consumption during syntax analysis of files with the -c parameter. Exploiting this vulnerability can allow attackers to cause service failure...
CVE-2021-40874
The vulnerability CVE-2021-40874 affects LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug‑in to run a REST password validation service (e.g., for another LemonLDAP::NG instance) and combining Kerberos authentication with another method via the Combination authentication plu...
PT-2022-11318 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG version 2.0.13 Description: An issue was discovered in LemonLDAP::NG when using the RESTServer plug-in for a REST password validation service and the Kerberos authentication method combined with another method using the...
Access-Control Bypass
lemonldap is vulnerable to access control bypass. The vulnerability exists due to the RESTServer pwdConfirm always returns true with Combination + Kerberos...
PT-2021-24000 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.7.5 HashiCorp Vault and Vault Enterprise version 1.8.4 Description: The issue arises when templated ACL policies in HashiCorp Vault and Vault Enterprise match the first-created...
Revive Adserver 5.1.0 Cross Site Scripting
======================================================================== Revive Adserver Security Advisory REVIVE-SA-2021-002 ------------------------------------------------------------------------ https://www.revive-adserver.com/security/revive-sa-2021-002...
QRadar Community Edition 7.3.1.6 Cross Site Scripting
------------------------------------------------------------------------ Reflected Cross-Site Scripting in QRadar Forensics link analysis page ------------------------------------------------------------------------ Yorick Koster, September 2019...
Rockwell Automation 6 In 6 Out Combination Input/Output Module 1746-IO12 Discrete I/O
Binary data 753993.prm...
CVE-2018-20032
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemo...