Code injection

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message...

CVE-2020-7358

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...

Fedora 30 : viewvc (2020-c952520959)

Fix for CVE-2020-5283. ViewVC 1.1.28 ChangeLog - security fix: escape subdir lastmod file name 211 - fix standalone.py first request failure 195 ViewVC 1.1.27 ChangeLog : - suppress stack traces with option to show 140 - distinguish text/binary/image files by icons 166, 175 - colorize alternating...

HackerOne: Distinguish EP+Private vs Private programs in HackerOne

Hi! I would like to provide the following matrix in order to distinguish between EP+Private vs Private programs in HackerOne, without the need to login. I am using two endpoints. These are: 1. https://hackerone.com/ENTITY/thanks/2012.json and 2. https://hackerone.com/ENTITY/thanks/2013.json If...

CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...