CloudForms: User Impersonation in the API for OIDC and SAML
A vulnerability was found in Red Hat CloudForms which allows a malicious attacker to impersonate any user or create a non-existent user with any entitlement in the appliance and perform an API request...
About the security content of watchOS 6.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Information Disclosure
modperl is vulnerable to information disclosure. It was discovered that Red Hat Network Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a single hard-coded authentication key. A remote attacker who is able to connect to the Satellite Server XML-RPC service could use this...
CVE-2020-3883
This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements...
Design/Logic Flaw
This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements...
About the security content of watchOS 6.2
About the security content of watchOS 6.2 This document describes the security content of watchOS 6.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Command Injection
Overview Versions of entitlements prior to 1.3.0 are vulnerable to Command Injection. The package does not validate input on the entitlements function and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.3.0 or later...
CVE-2018-4446
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1...
CVE-2018-4403
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1...
CVE-2018-4322
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1...
Design/Logic Flaw
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12...
Information disclosure
This issue was addressed by removing additional entitlements. This issue affected versions prior to macOS Mojave 10.14.1...
CVE-2018-4446
CVE-2018-4446 affects Apple iOS File Provider prior to iOS 12.1.1. The issue stemmed from entitlements handling, enabling a malicious app to learn information about the presence of other apps on the device. Apple’s advisory notes the fix as part of iOS 12.1.1 with improved entitlements; versions ...