2079 matches found
IBM DataPower Gateway Security Bypass Vulnerability
IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...
CVE-2020-0054
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Design/Logic Flaw
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0054
CVE-2020-0054 affects Android 10 in the WifiNetworkSuggestionsManager component. The vulnerability arises from a missing permission check in WifiNetworkSuggestionsManager.java, enabling local privilege escalation without additional execution privileges. Public details specify that exploitation re...
Fedora 31 : opensmtpd (2020-283dc7f094)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Fedora 30 : opensmtpd (2020-31216ab928)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...
Let's Encrypt Vulnerability
The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...
Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...
Let's Encrypt to Revoke Millions of TLS Certs
UPDATE Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security TLS certificates Wednesday, because of a Certificate Authority Authorization CAA bug. The move could mean that millions of websites and machine identities that rely on those certificates...
Kubernetes: Github test clientID and clientSecret leaked
Report Submission Form Summary: A github clientID and clientSecret for an oauth app are being leaked on github Description While looking for anything that is interesting on github I a clientID and clientSecret for a github oauth app hardcoded. While they have been removed a long time ago, they ar...
Insecure Session Management
github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token...
CVE-2012-1316
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...
Code injection
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...
CVE-2012-1316
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...
CVE-2012-1316
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...
CVE-2012-1316
CVE-2012-1316 affects the Cisco IronPort Web Security Appliance, where the product does not check for certificate revocation, potentially enabling MITM attacks. The linked sources show an impact on integrity (CVSS3.1: HIGH) with network exposure (CVSS3.1: AV:N, AC:H, PR:N, UI:N, S:U) and a CVSSv2...
ToTok Returned to Google Play Despite ‘Spy Tool’ Claims
Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. ToTok, a social app that was released in 2019 and has been downloaded by millions, gained rapid popularity in the United Ar...
BCM Messenger: Account Takeover with old password and login QR
BCM servers don't store users' passwords, and the private keys are stored locally. If you change the password, the data in the old QR code will not be revoked. Please read the warnings during registration and backup, and protect your account credentials. Thank you! When someone wants to log into...
CVE-2019-15006
There was a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...