PT-2023-2967 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows a remote attacker to communicate with private API endpoints, such as "/login", "/consoleSettings", and "/console", despite Virtual Host Routing being used to...
kubernetes: node address isn't always verified when proxying
A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...
SSRF vulnerability in Recurly gem's Resource#find.
If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...
GitLab: Confidential issues leaked in public projects when attached to milestone
Vulnerability details: When a confidential issue in a public or internal project is attached to a milestone, it is exposed through the GitLab API. Proof of concept: As a victim, create a new public or internal project. Let's state that the project has ID 1. Create a milestone for this project. After...
chromium-browser: use-after-free in WebRTC
Use-after-free vulnerability in browser/extensions/api/webrtcaudioprivate/webrtcaudioprivateapi.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...
CVE-2016-1639
Use-after-free vulnerability in browser/extensions/api/webrtcaudioprivate/webrtcaudioprivateapi.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...
UBUNTU-CVE-2016-1639
Use-after-free vulnerability in browser/extensions/api/webrtcaudioprivate/webrtcaudioprivateapi.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...
CVE-2014-4361
The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)
java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...
java-1_7_0-openjdk: update to 2.3.6 (critical)
java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...