489 matches found

RedHat Linux
added 2020/09/07 12:58 p.m. | 2 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/09/07 12:58 p.m. | 0 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/09/07 12:57 p.m. | 2 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/09/02 9:47 a.m. | 2 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

OSV
added 2020/08/29 8:15 p.m. | 14 views

CVE-2020-24928

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server port 3020 open to all origins, which allows attackers to obtain sensitive Discord user information...

CVSS 5.3 | AI score 6.5
Exploits: 0 | References: 1

Prion
added 2020/08/29 8:15 p.m. | 19 views

Design/Logic Flaw

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server port 3020 open to all origins, which allows attackers to obtain sensitive Discord user information...

CVSS 5 | AI score 5.2 | EPSS 0.00941
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2020/08/18 4:34 p.m. | 5 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/08/17 1:28 p.m. | 1 view

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/08/17 1:28 p.m. | 3 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

RedHat Linux
added 2020/08/17 1:25 p.m. | 5 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 | AI score 5.7 | EPSS 0.01438
Exploits: 0 | References: 4

HackRead
added 2020/03/26 2:30 p.m. | 26 views

Critical vulnerabilities found in popular Password Managers

By Sudais Asif. In a study conducted by researchers from the University of York, 5 password managers were analyzed out of a total sample size of 19 in order to find vulnerabilities. This is a post from HackRead.com. Read the original post: Critical vulnerabilities found in popular Password Managers...

AI score 2.5
Exploits: 0

Pen Test Partners Blog
added 2020/03/06 6:32 a.m. | 43 views

Fill your Boots with credential stuffing protections

Yet again another company suffers a ‘hack’ that turns out to be nothing more than a credential stuffing attack. This time Boots have stopped customers using advantage card points to pay for products. This is after 600,000 Tesco accounts were compromised in the same way. No systems at Boots were...

AI score 7.1
Exploits: 0

Carbon Black Blog
added 2020/03/02 6:23 p.m. | 43 views

Simplicity is the Key to Enterprise Cybersecurity

Editor’s Note: Sam Bocetta, a guest author on the VMware Carbon Black blog, is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography. In today’s digital environment, companies are...

AI score 7.1
Exploits: 0

Pen Test Partners Blog
added 2020/02/10 6:43 a.m. | 30 views

Password managers for all staff. Why the resistance?!

I’ve lost count of the number of times I’ve talked about passwords. I mention them in every talk I do. They are used in pretty much every service we test, they are the gatekeepers to our data, they are the protectors of our money and yet we still have not fixed them. As security professionals we...

AI score 7.2
Exploits: 0

Wired Threat Level
added 2020/02/02 12:00 p.m. | 48 views

Dashlane's Super Bowl Ad Proves Password Managers Have Arrived

A company you’ve never heard of is spending millions of dollars to let you know it can make your online life easier...

AI score 2.9
Exploits: 0

BDU FSTEC
added 2019/12/17 12:00 a.m. | 5 views

The vulnerability of the command-line tools for package managers NPM and Yarn allows an attacker to rewrite any files in the target directory.

The vulnerability of the command-line tools for package managers NPM and Yarn exists due to an incorrect limitation on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to rewrite any files in the target directory remotely...

CVSS 7.7 | AI score 6.9 | EPSS 0.01984
Exploits: 0 | References: 6 | Affected Software: 5

BDU FSTEC
added 2019/12/17 12:00 a.m. | 4 views

The vulnerability of the command-line tools for package managers NPM and Yarn allows a hacker to write arbitrary files.

The vulnerability of the command-line tools for package managers NPM and Yarn is related to errors in link handling. Exploiting this vulnerability allows a malicious actor to write arbitrary files by creating symbolic links to files outside the module directory (node_modules), or by manipulating...

CVSS 7.7 | AI score 7 | EPSS 0.03266
Exploits: 0 | References: 6 | Affected Software: 5

Microsoft Secure
added 2019/12/09 5:00 p.m. | 53 views

Improve cyber supply chain risk management with Microsoft Azure

For years, Microsoft has tracked threat actors exploiting federal cyber supply chain vulnerabilities. Supply chain attacks target software developers, systems integrators, and technology companies. Tactics often include obtaining source code, build processes, or update mechanisms to compromise...

AI score 7.5
Exploits: 0

Malwarebytes
added 2019/10/16 8:17 p.m. | 101 views

When can we get rid of passwords for good?

Or perhaps I should have asked, "Can we ever get rid of passwords for good?" The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or...

AI score 7.2
Exploits: 0

Akamai Blog
added 2019/09/30 4:00 a.m. | 10 views

Maximizing Onboarding: Giving managers the skills for success

Managing teams comes with challenges as well as rewards. Managers drive individual and team performance, and the best managers drive employee connection and engagement. Akamai believes that employees are our biggest asset; by effectively and efficiently integrating them into the...

AI score 4.2
Exploits: 0