1895 matches found
PT-2021-1676 · Microsoft · Azure Active Directory
Name of the Vulnerable Software and Affected Versions: Azure Active Directory affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Azure Active Directory Pod Identity service. It may allow an attacker to gain unauthorized access to...
CVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
Authentication flaw
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
CVE-2020-10148 SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
CVE-2020-10148 SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...
U.S. Dept Of Defense: CVE 2020 14179 on jira instance
Summary: An remote attacker can view the custom sla fields used in the jira instance and also can use the sla fields to make a jql query. Impact Information disclosure of the custom sla fields, senstive information leakage throught he jql query parameter Read more about the impact here:...
F5 BIG-IP APM Resource Management Error Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A resource management error vulnerability exists in F5 BIG-IP APM, which can be exploited by an attacker to trigger a denial of service via an...
CVE-2020-8539
creationtimestamp| type| source ---|---|--- 2020-12-01 20:54:10+00:00| seen| https://t.me/cibsecurity/16999 2021-04-23 13:33:46+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/post/android/local/koffee.rb 2025-02-06 03:13:44+00:00| seen|...
CVE-2020-4006
creationtimestamp| type| source ---|---|--- 2020-11-24 00:46:21+00:00| seen| https://t.me/cibsecurity/16761 2020-11-24 06:05:07+00:00| seen| https://t.me/cKure/2959 2020-11-24 08:29:30+00:00| seen| https://t.me/thehackernews/906 2020-11-26 00:48:50+00:00| published-proof-of-concept|...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
binutils: denial of service via crafted ELF file
findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted ELF file...
CVE-2020-3514
CVE-2020-3514 describes a Cisco Firepower Threat Defense (FTD) Software multi-instance container escape. An authenticated, local attacker with valid device credentials could modify a startup container configuration file to escape the container and execute commands with root privileges in the host...
CVE-2020-3514 Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials ...
CVE-2020-3514 Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials ...
Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace. The attacker must have valid credentials ...
Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Takeover AWS ips and have a working POC for Subdomain Takeover. Idea is simple Get subdomains. Do reverse lookups to only save AWS ips. Restart EC2 instance every min. and public ip gets rotated on each restart. Match it with your existing list of subdomain ips and you have a working subdomain...
CVE-2020-15157 containerd can be coerced into leaking credentials during image pull
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...
CVE-2020-15157
In containerd an industry-standard container runtime before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer otherwise known as a “foreign...
CVE-2020-4778
IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram application. IBM X-Force ID: 189156...