215 matches found
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...
CVE-2018-18853
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...
CVE-2018-18853
Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service resource consumption because of Algorithmic Complexity during the parsing of a field composed of many decimal digits...
PT-2018-9474 · Hapi +1 · @Hapi/Cryptiles +1
Name of the Vulnerable Software and Affected Versions: Eran Hammer cryptiles versions 4.1.1 and earlier Description: The issue is related to insufficient entropy in the randomDigits method, which can result in an increased likelihood of brute force attacks. This attack appears to be exploitable...
Junos OS: Short MacSec keys may allow man-in-the-middle attacks.
If all 64 digits of the connectivity association name CKN key or all 32 digits of the connectivity association key CAK key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an...
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service preventing the creation of new tickets via a large number of digits in the ticket number format setting...
The First Step-by-Step Guide for Implementing Neural Architecture Search with Reinforcement…
The First Step-by-Step Guide for Implementing Neural Architecture Search with Reinforcement Learning Using TensorFlow Our team is no stranger to various flavors of AI including deep learning DL. That’s why we’ve immediately noticed when Google came out with AutoML project, designed to make AI bui...
USN-3434-1 libidn vulnerability
It was discovered that Libidn incorrectly handled decoding certain digits. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly execute arbitrary code...
CVE-2016-5056
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK...
Design flaws at fast breakfast app login
Fast Breakfast APP is a mobile service software. There is a design vulnerability in the login of Fast Breakfast App, which uses a timestamp to verify whether a user is logged in, and takes the MD5 value of the first 10 digits of the timestamp to mark whether the user is logged in or not; and ther...
X (Formerly Twitter): Insufficient validation on Digits bridge
Hi, I would like to report an issue in one of the login methods, getLoginStatus in Digits, which allows attacker to retrieve the OAuth credential data of an application victims authorized. Details The getLoginStatus method provides a seamless login option. If a user has logged in Digits, a websit...
X (Formerly Twitter): leaking Digits OAuth authorization to third party websites
Hi, While authenticating digits to my Fabric account i have noticed that the callbackurl is not solid i.e. any sub domain or any path is accepted as callbackurl with host as fabric.io. This issue can be exploited by leaking the authorization token to third party websites websites mentioned on kit...
X (Formerly Twitter): Bypassing Digits origin validation which leads to account takeover
Hi, I would like to report an important issue that affects websites that has integrated "Signin with Digits" , leading to potential account takeover. Detail In Digits architecture, the data communication channel between Digits and customer's site relies on postMessage. In order to prevent malicio...
X (Formerly Twitter): Incorrect param parsing in Digits web authentication
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail Digits web authentication has strict validation on host and callbackurl. On the server side, the values are compared with the...
X (Formerly Twitter): Bypassing Digits web authentication's host validation with HPP
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail As described in 108429, the login page has 2 parameters, consumerkey and host. The former identifies which app a user wants to...
X (Formerly Twitter): Bypassing Digits bridge origin validation
Hi, I would like to report an issue in the bridge proxy in Digits which allows attacker to retrieve the OAuth credential data of an application victims authorized. Detail In the Digits Web SDK, the method getLoginStatus can be used to retrieve the OAuth credential data of an application if the us...
X (Formerly Twitter): Bypassing callback_url validation on Digits
Hi, I would like to report an issue in Digits which allows attacker to bypass the callbackurl validation of an application and thus takeover an account. Detail Digits is a part of the Fabric SDK which offers phone-based sign in. It also provides web login flow. In the navigation-based...
The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 2100 allows a remote attacker to execute arbitrary code.
Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...
The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 2500 allows a remote attacker to execute arbitrary code.
Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...
The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller 5500 allows a malicious attacker to execute arbitrary code.
Overfilling the buffer in the dynamic memory of the nsshostnamedigitsdots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...