4287 matches found
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...
Code injection
DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...
PT-2019-7914 · Bittorrent +1 · Qbittorrent +1
Name of the Vulnerable Software and Affected Versions: qBittorrent version 3.3.15 Description: The issue concerns the UI Lock feature, which can be bypassed by tampering with the config file. An attacker can gain unauthorized access to qBittorrent functions by modifying the locked attribute withi...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Exploit
Exploit for Android platform in category local exploits Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...
SMA Solar Technology inverter access control error vulnerability (CNVD-2017-27841)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. An access control error vulnerability exists in the SMA Solar Technology inverter. An attacker could use this vulnerability to change the system time, affecting the timestamp-based locking policy and the random numb...
UBUNTU-CVE-2017-1000111
Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...
Cybozu Garoon 3.0.0 - 4.2.4 Multiple Vulnerabilities
Cybozu Garoon is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:garoon"; ifdescription...
[SECURITY] Fedora 24 Update: libdb-5.3.28-24.fc24
The Berkeley Database Berkeley DB is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. The Berkeley DB includes B+tree, Extended Linear Hashing, Fixed and Variable-length record access methods, transactions, locking, logging, share...
CVE-2017-2144
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...
CVE-2017-2144
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...
CVE-2017-2144
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...
CVE-2017-2144
Cybozu Garoon versions 3.0.0–4.2.4 are affected by multiple CVEs (CVE-2017-2144, CVE-2017-2145, CVE-2017-2146) per sources in CVE/NVD listings and OpenVAS. CVE-2017-2144 (improper access restriction) may allow a logged-in attacker to lock another user’s files via a specially crafted page. CVE-201...
Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net
Not long ago, one from California car, information security researcher Aaron Guzman, in Australia, held a computer security conference to introduce a black into the Subaru car of the method. In his own 2017 Subaru WRX STI was found in a surprising number of software vulnerabilities, through these...
NotNow - Explanation and Cause
There are certain times when the device is not able to do what the server requests. For example, databases cannot be modified while the device is locked with Data Protection. When a device cannot perform a command due to situations like this, it will send the NotNow status without performing the...