53 matches found
CVE-2021-20252
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...
CVE-2021-20252
A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...
CVE-2021-20252
CVE-2021-20252 affects Red Hat 3scale API Management Platform 2. The vulnerability arises because the 3scale backend does not properly constrain user-requested date ranges in certain queries, allowing an authenticated user to submit a sufficiently large date range that can trigger an internal ser...
CVE-2020-27133
creationtimestamp| type| source ---|---|--- 2020-12-11 20:35:53+00:00| seen| https://t.me/cibsecurity/20364 2020-12-11 20:46:09+00:00| seen| https://t.me/cibsecurity/20384 2020-12-11 21:25:23+00:00| seen| https://t.me/cibsecurity/20403 2020-12-11 22:04:41+00:00| seen| https://t.me/cibsecurity/204...
GHSA-8RXG-9G6F-VQ9P Malicious Package in another-date-range-picker
Version 4.1.48 of another-date-range-picker contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 4.1.48 of this module is found...
HackerOne: IDOR in Bugs overview enables attacker to determine the date range a hackathon was active
A minor Insecure Direct Object Reference IDOR vulnerability is present in the /bugs endpoint. One of the Bugs overview filters enables a program member to filter by Hackathon that their program was a part of. This filter is applied when hackathon IDs are provided in the hackathons parameter, like...
Input validation
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration beginning year extended delayed by 100 years...
CVE-2017-1000415
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration beginning year extended delayed by 100 years...
CVE-2017-1000415
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration beginning year extended delayed by 100 years...
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose and InsightVM users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. ...
libarchive: Undefined behavior (signed integer overflow) in mtree parser
Undefined behavior signed integer overflow was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...
How to Collect Logs for Veeam Backup & Replication
Purpose This article documents how to collect logs from Veeam Backup & Replication and additional information to include when submitting a Veeam Support case for technical assistance. Additional Logging Veeam Backup & Replication interoperates with other Veeam products. Please refer to the...
CVE-2013-3897
creationtimestamp| type| source ---|---|--- 2013-10-09 08:31:46+00:00| seen| MISP/52551442-68dc-4e84-9325-42b5950d2109 2013-10-11 11:46:13+00:00| seen| MISP/5257e4a4-a694-4701-8cc4-42bdac1d4fa4 2013-10-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28974 2018-05-29...