11 matches found
CVE-2025-62004
BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...
PT-2025-52342
Name of the Vulnerable Software and Affected Versions BullWall versions 4.6.0.0 through 4.6.1.4 Description BullWall Server Intrusion Protection services start after login services. An attacker who is already authenticated and has administrative privileges can log in following a system boot,...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin versions 4.3.0 through 4.7.2, and OpenZeppelin contracts-upgradeable versions 4.3.0 through 4.7.2, which stems from the fact that when a proposal is passed to...
setDebtInterestApr should accrue debt first
Lines of code Vulnerability details Impact The setDebtInterestApr changes the debt interest rate without first accruing the debt. This means that the new debt interest rate is applied retroactively to the unaccrued period on next accrue call. It should never be applied retroactively to a previous...
Security update for golang-github-prometheus-prometheus (moderate)
openSUSE Security Update: Security update for golang-github-prometheus-prometheus Announcement ID: openSUSE-SU-2021:2664-1 Rating: moderate References: 1186242 SLE-18254 Cross-References: CVE-2021-29622 CVSS scores: CVE-2021-29622 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected...
Extending the Microsoft Office Bounty Program
Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim. The engagement we have had with the security community has been great and we are looking to continue that collaboration on...
BinaryAlert - Serverless, Real-time & Retroactive Malware Detection
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
Serverless, Real-time Malware Detection: BinaryAlert
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
Brave Software: Address Bar Spoofing - Already resolved - Retroactive report
Summary: All details were provided in the original report. You can read it here I'm reporting it here because I asked bcrypt if I should do it and he told me this: F127893 As she said me, I'm reporting here and indicating it's for a retroactive reward. If any identity confirmation or link between...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...