2078 matches found

Cvelist
added 2020/07/22 6:5 p.m., 16 views

CVE-2014-1422 Location service uses cached authorization even after revocation

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in...

CVSS 5 | AI score 5 | EPSS 0.00367
Exploits 1 | References 2

CVE
added 2020/07/22 6:5 p.m., 57 views

CVE-2014-1422

The CVE-2014-1422 issue affects Ubuntu’s trust-store component. It causes location permissions revocation to be ineffective because the cache of permissions is honored based on an incorrect ordering and not by creation time, due to the Select struct in src/core/trust/impl/sqlite3/store.cpp. Pract...

CVSS 5 | AI score 5 | EPSS 0.00367
Exploits 1 | References 2 | Affected Software 2

Hacker One
added 2020/07/06 8:58 p.m., 155 views

GitHub Security Lab: CodeQL query for disabled revocation checking

This bug was reported directly to GitHub Security Lab...

AI score 1.4
Exploits 0

OSV
added 2020/06/23 3:15 p.m., 2 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

CVSS 5.9 | AI score 6.2 | EPSS 0.00666
Exploits 0 | References 1

NVD
added 2020/06/23 3:15 p.m., 11 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

CVSS 5.9 | EPSS 0.00666
Exploits 0 | References 1

Cvelist
added 2020/06/23 2:31 p.m., 17 views

CVE-2020-9438

Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled...

AI score 5.7 | EPSS 0.00666
Exploits 0 | References 1

OSV
added 2020/06/19 7:15 p.m., 14 views

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

CVSS 4.3 | AI score 7.1
Exploits 0 | References 1

NVD
added 2020/06/19 7:15 p.m., 13 views

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

CVSS 4.3 | EPSS 0.0077
Exploits 0 | References 1

Prion
added 2020/06/19 7:15 p.m., 17 views

Session fixation

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

CVSS 4 | AI score 4.7 | EPSS 0.0077
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/06/19 6:8 p.m., 19 views

CVE-2017-18878

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session...

AI score 4.7 | EPSS 0.0077
Exploits 0 | References 1

RedHat Linux
added 2020/06/04 1:6 p.m., 8 views

keycloak: missing signatures validation on CRL used to verify client certificates

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often availab...

CVSS 6.5 | AI score 5.7 | EPSS 0.00291
Exploits 0 | References 4

Kitploit
added 2020/05/31 1:0 p.m., 76 views

Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management

Please note : We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected]. Website: https://www.vaultproject.io IRC: vault-tool on Freenode Announcement list: Google...

AI score 6.9
Exploits 0 | References 3

RedHat Linux
added 2020/05/18 10:24 a.m., 2 views

keycloak: missing signatures validation on CRL used to verify client certificates

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often availab...

CVSS 6.5 | AI score 5.7 | EPSS 0.00291
Exploits 0 | References 4

OpenVAS
added 2020/04/14 12:0 a.m., 10 views

ZSQL: Check whether User PUBLIC has Object Permission

Every user automatically belongs to user PUBLIC. For database security, do not grant object permissions to user PUBLIC. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score 7.3
Exploits 0 | References 1

Veracode
added 2020/04/10 1:7 a.m., 33 views

CRL Validation Bypass

OpenSSL is vulnerable to CRL validation bypass. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List (CRL) checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past...

CVSS 5 | AI score 1.9 | EPSS 0.05012
Exploits 0 | References 17 | Affected Software 1

OSV
added 2020/04/08 12:15 a.m., 2 views

CVE-2020-11626

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets...

CVSS 6.1 | AI score 6.3 | EPSS 0.00393
Exploits 0 | References 1

OpenVAS
added 2020/04/06 12:0 a.m., 8 views

ZSQL: Check for users with CREATE USER permission

Searches for users and roles with CREATE USER permission and checks whether they are authorized to have it. If this permission is no longer necessary, revoke it. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by t...

AI score 7.3
Exploits 0 | References 1

Akamai Blog
added 2020/03/25 11:30 a.m., 28 views

Taking Content Protection to the Edge

To protect our industry, we need to protect our content. That's been an ongoing theme in conversations with Akamai's broadcast customers whose streaming offerings have evolved into critical business units. The revenue loss figures in question aren't trivial, nor is the scope of the impact. Global...

AI score 7.2
Exploits 0

OSV
added 2020/03/19 2:15 p.m., 2 views

CVE-2020-4205

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revoked. IBM X-Force ID: 174961...

CVSS 6.3 | AI score 6.2
Exploits 0 | References 2

CNVD
added 2020/03/19 12:0 a.m., 2 views

IBM DataPower Gateway Security Bypass Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across...

CVSS 6.5 | AI score 6.9 | EPSS 0.00528
Exploits 0 | References 1