EUVD-2006-5826
Malware in sbrugna...
PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator ePO on Premise versions prior to 5.10 Service Pack 1 Update 2 Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...
CVE-2019-12423
Apache CXF ships with an OpenID Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifying the...
MyCrypto: HTML Injection on https://www.mycrypto.com/
A vulnerability was reported by t-pwn that allowed arbitrary HTML injection via the notifier functionality. After a keystore file was uploaded, the filename would be shown without first sanitizing it. MyCrypto has since fixed our notification to no longer display the unsanitized filename...
CVE-2006-5842
The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information...