56 matches found
CVE-2022-24071
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...
What does Zero Trust mean for API security?
The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to...
CVE-2020-25688
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal t...
Privilege Escalation
Presto is vulnerable to privilege escalation. During the Presto server installations with secure internal communication configured, having a direct access to internal APIs allows an authenticated user to bypass the authorization checks...
CVE-2020-15087
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
CVE-2020-15087
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
CVE-2020-15087
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
Authorization
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
CVE-2020-15087
CVE-2020-15087 affects Presto server installations with secure internal communication configured. Authenticated users can bypass authorization checks by directly accessing internal APIs in Presto prior to version 337. The issue does not apply to installations lacking secure internal communication...
CVE-2020-15087 Privilege escalation in Presto
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication,...
GHSA-F6PC-CRHH-CP96 Privilege escalation in Presto
Affected This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. Impact Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured...
Privilege escalation in Presto
Affected This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. Impact Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured...
PT-2020-14175 · Presto · Presto
Name of the Vulnerable Software and Affected Versions: Presto versions prior to 337 Description: Authenticated users can bypass authorization checks by directly accessing internal APIs. This issue impacts Presto server installations with secure internal communication configured. It does not affec...
Unspecified vulnerability in Cloudera CDH (CNVD-2020-14228)
Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.6.1. An attacker could exploit t...
Privilege escalation
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR 52.1 and Firefox 53...
Ping Identity: Server-Side Request Forgery on SAML Application - Import via URL
Summary == The My Applications feature on PingOne Identity admin allows you to add new SAML applications to your account. One feature allows you to import metadata via URI instead of via upload. This uses Java 1.8 to make an external web request to the URI supplied. Typically this is hard to...