Lucene search
K

2079 matches found

CNVD
CNVD
added 2020/03/19 12:0 a.m.2 views

IBM DataPower Gateway Security Bypass Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across...

6.5CVSS6.9AI score0.00528EPSS
Exploits0References1
NVD
NVD
added 2020/03/10 9:15 p.m.11 views

CVE-2020-0054

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS8.2AI score0.00143EPSS
Exploits0References1
Prion
Prion
added 2020/03/10 9:15 p.m.17 views

Design/Logic Flaw

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.6CVSS7.7AI score0.00143EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/03/10 8:4 p.m.88 views

CVE-2020-0054

CVE-2020-0054 affects Android 10 in the WifiNetworkSuggestionsManager component. The vulnerability arises from a missing permission check in WifiNetworkSuggestionsManager.java, enabling local privilege escalation without additional execution privileges. Public details specify that exploitation re...

7.8CVSS8.1AI score0.00143EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.16 views

Fedora 31 : opensmtpd (2020-283dc7f094)

Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.17 views

Fedora 30 : opensmtpd (2020-31216ab928)

Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

5.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/03/05 11:29 a.m.68 views

Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates

Let’s Encrypt said it will give users of its Transport Layer Security TLS certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization CAA bug before it revokes them. The popular free certificate authority had giv...

7.2AI score
Exploits0References7
Schneier on Security
Schneier on Security
added 2020/03/04 12:46 p.m.64 views

Let's Encrypt Vulnerability

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/03/04 10:54 a.m.4 views

Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...

5.8AI score
Exploits0
ThreatPost
ThreatPost
added 2020/03/03 8:13 p.m.55 views

Let's Encrypt to Revoke Millions of TLS Certs

UPDATE Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security TLS certificates Wednesday, because of a Certificate Authority Authorization CAA bug. The move could mean that millions of websites and machine identities that rely on those certificates...

7.2AI score
Exploits0References7
Hacker One
Hacker One
added 2020/02/13 9:46 p.m.20 views

Kubernetes: Github test clientID and clientSecret leaked

Report Submission Form Summary: A github clientID and clientSecret for an oauth app are being leaked on github Description While looking for anything that is interesting on github I a clientID and clientSecret for a github oauth app hardcoded. While they have been removed a long time ago, they ar...

0.3AI score
Exploits0
Veracode
Veracode
added 2020/02/04 6:14 a.m.18 views

Insecure Session Management

github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token...

1.9AI score
Exploits0
NVD
NVD
added 2020/01/15 2:15 p.m.12 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

5.9CVSS5.7AI score0.00576EPSS
Exploits0References2
Prion
Prion
added 2020/01/15 2:15 p.m.11 views

Code injection

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

4.3CVSS7.1AI score0.00576EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2020/01/15 1:11 p.m.9 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

6.9AI score0.00576EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/01/15 1:11 p.m.22 views

CVE-2012-1316

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks...

5.7AI score0.00576EPSS
Exploits0References2
CVE
CVE
added 2020/01/15 1:11 p.m.36 views

CVE-2012-1316

CVE-2012-1316 affects the Cisco IronPort Web Security Appliance, where the product does not check for certificate revocation, potentially enabling MITM attacks. The linked sources show an impact on integrity (CVSS3.1: HIGH) with network exposure (CVSS3.1: AV:N, AC:H, PR:N, UI:N, S:U) and a CVSSv2...

5.9CVSS5.7AI score0.00576EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2020/01/06 9:48 p.m.100 views

ToTok Returned to Google Play Despite ‘Spy Tool’ Claims

Mobile application ToTok has been reinstated to the Google Play app ecosystem, after it was removed last month due to claims that it was being used for government espionage. ToTok, a social app that was released in 2019 and has been downloaded by millions, gained rapid popularity in the United Ar...

6.9AI score
Exploits0References9
Hacker One
Hacker One
added 2019/12/25 9:2 p.m.27 views

BCM Messenger: Account Takeover with old password and login QR

BCM servers don't store users' passwords, and the private keys are stored locally. If you change the password, the data in the old QR code will not be revoked. Please read the warnings during registration and backup, and protect your account credentials. Thank you! When someone wants to log into...

2.3AI score
Exploits0
OSV
OSV
added 2019/12/19 1:15 a.m.4 views

CVE-2019-15006

There was a man-in-the-middle MITM vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence...

6.5CVSS6.5AI score0.01905EPSS
Exploits0References5
Rows per page
Query Builder