Ivanti Endpoint Manager 安全漏洞

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An encryption misuse vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to decrypt other users' passwords...

CVE-2019-15629

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAGMISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device...

ROS-20250122-02

A vulnerability in the USB component of the Linux kernel is related to incorrect input validation in the usbparseendpoint function in drivers/usb/core/config.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the cachefiles component of th...

Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

...

GHSA-V3X9-WRQ5-868J Apache Answer: The link for resetting user password is not Single-Use

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

Apache Answer: The link for resetting user password is not Single-Use

Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...

In CreditLine#_borrowTokensToLiquidate, oracle is used wrong way

Handle 0x0x0x Vulnerability details Current implementation to get the price is as follows: uint256 ratioOfPrices, uint256 decimals = IPriceOraclepriceOracle.getLatestPriceborrowAsset, collateralAsset; But it should not consult borrowToken / collateralToken, rather it should consult the inverse of...

CVE-2020-28086

pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...

CVE-2019-3666

CVE-2019-3666 affects McAfee Web Advisor (WA) web interface prior to version 4.1.1.48. The vulnerability is described as an API abuse/misuse in the WA web interface that allows a remote, unauthenticated attacker to induce the browser to navigate to restricted websites via a specially crafted web ...

CVE-2019-15629

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAGMISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device...