64 matches found
EUVD-2020-0392
Malware in sbrugna...
EUVD-2020-0529
Malware in sbrugna...
EUVD-2020-0532
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-15134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of i...
Linux Distros Unpatched Vulnerability : CVE-2020-11020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The...
Linux Distros Unpatched Vulnerability : CVE-2020-15133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
CVE-2020-15134
In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
CVE-2020-11020
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
Faye’s Journey: From Security PM to Diversity Advocate at Microsoft
Faye, a veteran at Microsoft for 22 years, has had a career as varied as it is long. Her journey began in 2002 as the first desktop security Project Manager (PM) in Microsoft IT. From there, she transitioned into owning a deployment team that deployed to desktops and handled operations for Office’s...
faye-sas.fr Improper Access Control vulnerability OBB-3824502
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-JJ93-39PF-7MCF bsock uses weak hashing algorithms
An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
CVE-2023-50475
An issue was discovered in bcoin-org bcoin version 2.2.0 that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
Information disclosure
An issue was discovered in bcoin-org bcoin version 2.2.0 that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
CVE-2023-2820
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...
Information disclosure
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...
PT-2023-21627 · Proofpoint · Proofpoint Threat Response
Name of the Vulnerable Software and Affected Versions: Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) versions prior to 5.10.0. Description: An information disclosure issue in the faye endpoint could allow an attacker on an adjacent network to obtain credentials to integrated...