Lucene search
+L

215 matches found

Github Security Blog
Github Security Blog
added 2018/11/09 5:42 p.m.29 views

Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

7.5CVSS5.3AI score0.01897EPSS
Exploits1References3Affected Software3
NVD
NVD
added 2018/10/31 5:29 a.m.21 views

CVE-2018-18853

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

7.5CVSS7.4AI score0.01897EPSS
Exploits1References1
OSV
OSV
added 2018/10/31 5:29 a.m.18 views

CVE-2018-18853

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...

7.5CVSS6.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/07/09 12:0 a.m.5 views

PT-2018-9474 · Hapi +1 · @Hapi/Cryptiles +1

Name of the Vulnerable Software and Affected Versions: Eran Hammer cryptiles versions 4.1.1 and earlier Description: The issue is related to insufficient entropy in the randomDigits method, which can result in an increased likelihood of brute force attacks. This attack appears to be exploitable...

9.8CVSS6.3AI score0.01681EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2018/04/11 7:29 p.m.4 views

Junos OS: Short MacSec keys may allow man-in-the-middle attacks.

If all 64 digits of the connectivity association name CKN key or all 32 digits of the connectivity association key CAK key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an...

8.8CVSS5.5AI score0.00634EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/03/27 5:29 p.m.15 views

CVE-2018-7194

Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service preventing the creation of new tickets via a large number of digits in the ticket number format setting...

4.9CVSS5.1AI score0.01305EPSS
Exploits1References1
Wallarm Lab
Wallarm Lab
added 2017/12/12 6:47 a.m.55 views

The First Step-by-Step Guide for Implementing Neural Architecture Search with Reinforcement…

The First Step-by-Step Guide for Implementing Neural Architecture Search with Reinforcement Learning Using TensorFlow Our team is no stranger to various flavors of AI including deep learning DL. That’s why we’ve immediately noticed when Google came out with AutoML project, designed to make AI bui...

7AI score
Exploits0
OSV
OSV
added 2017/10/02 5:1 p.m.5 views

USN-3434-1 libidn vulnerability

It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8CVSS7AI score0.03965EPSS
Exploits0References2
OSV
OSV
added 2017/04/10 3:59 a.m.5 views

CVE-2016-5056

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...

7.5CVSS5.8AI score0.01397EPSS
Exploits2References1
CNVD
CNVD
added 2016/11/29 12:0 a.m.3 views

Design flaws at fast breakfast app login

Fast Breakfast APP is a mobile service software. There is a design vulnerability in the login of Fast Breakfast App, which uses a timestamp to verify whether a user is logged in, and takes the MD5 value of the first 10 digits of the timestamp to mark whether the user is logged in or not; and ther...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2016/09/13 7:44 p.m.16 views

X (Formerly Twitter): Insufficient validation on Digits bridge

Hi, I would like to report an issue in one of the login methods, getLoginStatus in Digits, which allows attacker to retrieve the OAuth credential data of an application victims authorized. Details The getLoginStatus method provides a seamless login option. If a user has logged in Digits, a websit...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2016/09/08 8:17 p.m.34 views

X (Formerly Twitter): leaking Digits OAuth authorization to third party websites

Hi, While authenticating digits to my Fabric account i have noticed that the callbackurl is not solid i.e. any sub domain or any path is accepted as callbackurl with host as fabric.io. This issue can be exploited by leaking the authorization token to third party websites websites mentioned on kit...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2016/04/11 5:2 p.m.17 views

X (Formerly Twitter): Bypassing Digits origin validation which leads to account takeover

Hi, I would like to report an important issue that affects websites that has integrated "Signin with Digits" , leading to potential account takeover. Detail In Digits architecture, the data communication channel between Digits and customer's site relies on postMessage. In order to prevent malicio...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/03/28 4:57 p.m.17 views

X (Formerly Twitter): Incorrect param parsing in Digits web authentication

Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail Digits web authentication has strict validation on host and callbackurl. On the server side, the values are compared with the...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/02/02 4:44 p.m.31 views

X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP

Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/01/13 2:14 p.m.21 views

X (Formerly Twitter): Bypassing Digits bridge origin validation

Hi, I would like to report an issue in the bridge proxy in Digits which allows attacker to retrieve the OAuth credential data of an application victims authorized. Detail In the Digits Web SDK, the method getLoginStatus can be used to retrieve the OAuth credential data of an application if the us...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2016/01/04 4:49 p.m.34 views

X (Formerly Twitter): Bypassing callback_url validation on Digits

Hi, I would like to report an issue in Digits which allows attacker to bypass the callbackurl validation of an application and thus takeover an account. Detail Digits is a part of the Fabric SDK which offers phone-based sign in. It also provides web login flow. In the navigation-based...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/06/05 12:0 a.m.6 views

The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 2100 allows a remote attacker to execute arbitrary code.

Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...

10CVSS7.9AI score0.94859EPSS
Exploits29References4
BDU FSTEC
BDU FSTEC
added 2015/06/05 12:0 a.m.7 views

The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 2500 allows a remote attacker to execute arbitrary code.

Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...

10CVSS7.9AI score0.94859EPSS
Exploits29References4
BDU FSTEC
BDU FSTEC
added 2015/06/05 12:0 a.m.8 views

The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 5500 allows a malicious attacker to execute arbitrary code.

Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...

10CVSS7.9AI score0.94859EPSS
Exploits29References4
Rows per page
Query Builder