2077 matches found

FreeBSD
added 2018/07/13 12:00 a.m. | 26 views

rubygem-doorkeeper -- token revocation vulnerability

NVD reports: Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...

CVSS 7.5 | AI score 3.5 | EPSS 0.01611
Exploits: 0 | References: 2

Github Security Blog
added 2018/07/12 7:52 p.m. | 17 views

Malicious Package in eslint-scope

Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to 2 remote servers. Recommendation: The best course of action if you found this package installed in your...

AI score 2.3
Exploits: 0 | References: 5 | Affected Software: 2

Node.js
added 2018/07/12 4:34 p.m. | 527 views

Malicious Package

Overview: Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the user's .npmrc file and send any found authentication tokens to a remote server. Recommendation: The best course of action if you found this package...

AI score 7.1
Exploits: 0 | Affected Software: 1

RubySec
added 2018/07/11 12:00 a.m. | 80 views

Doorkeeper gem does not revoke token for public clients

Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...

CVSS 7.5 | AI score 1.5 | EPSS 0.01611
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2018/07/10 6:29 p.m. | 2 views

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS 7.5 | AI score 5.8 | EPSS 0.00488
Exploits: 0 | References: 1

NVD
added 2018/07/10 6:29 p.m. | 17 views

CVE-2018-12461

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS 7.5 | AI score 5 | EPSS 0.00488
Exploits: 0 | References: 1

Prion
added 2018/07/10 6:29 p.m. | 18 views

Design/Logic Flaw

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS 5 | AI score 7.5 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/07/10 6:00 p.m. | 19 views

CVE-2018-12461 Certificate Revocation Check failure

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation...

CVSS 3.5 | AI score 7.5 | EPSS 0.00488
Exploits: 0 | References: 1

CVE
added 2018/07/10 6:00 p.m. | 45 views

CVE-2018-12461

CVE-2018-12461 affects NetIQ eDirectory prior to version 9.1.1 and concerns the certificate revocation check. The issue is described as a check failure in revocation processing; the fixed state implies upgrade to 9.1.1 or later as the mitigation. CVSS data present (v3 base score 7.5; HIGH) but th...

CVSS 7.5 | AI score 5.6 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:30 p.m. | 28 views

Security Bulletin: IBM SmartCloud Orchestrator - Trustee token revocation does not work with memcache backend (CVE-2014-2237)

Summary: When a trustor issues a trust token with impersonation enabled, the token is only added to the trustor's token list and not to the trustee's token list. This scenario results in the trust token not being invalidated by the trustee's token revocation bulk revocation. It is most noticeable...

CVSS 5 | AI score 0.3 | EPSS 0.01367
Exploits: 1 | Affected Software: 1

OSV
added 2018/02/15 4:29 p.m. | 2 views

CVE-2017-17302

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific...

CVSS 3.3 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2018/02/15 4:29 p.m. | 16 views

CVE-2017-17302

Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. An authenticated, local attacker may craft and load some specific...

CVSS 3.3 | AI score 3.8 | EPSS 0.00138
Exploits: 0 | References: 1

Hacker One
added 2018/01/29 4:09 p.m. | 12 views

GitLab: Removing a user from a private group doesn't remove him from group's project, if his project's role was changed

Summary: (a) a rogue user is added to a private group with a dozen projects; (b) the role in some projects is changed for the rogue user; (c) the rogue user is fired and removed from the group: he still has access to projects where his role was changed. Description: (b) can happen for a lot of different reasons:...

AI score 7
Exploits: 0

OpenVAS
added 2018/01/28 12:00 a.m. | 21 views

Debian: Security Advisory (DLA-977-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.8 | EPSS 0.03914
Exploits: 1 | References: 3

CNVD
added 2018/01/25 12:00 a.m. | 4 views

Memory leak vulnerability in multiple Huawei products (CNVD-2018-02542)

Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. A memory leak vulnerability exists in several Huawei products due to a failure of the device to properly free allocated memory. A local attacker with...

CVSS 3.3 | AI score 6.4 | EPSS 0.00138
Exploits: 0 | References: 1

CNVD
added 2018/01/22 12:00 a.m. | 2 views

IBM Curam Social Program Management Privilege Gain Vulnerability

IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Curam SPM. An attacker could exploit the vulnerability to revoke applications...

CVSS 6 | AI score 6.8 | EPSS 0.00585
Exploits: 0 | References: 1

OSV
added 2017/12/11 5:29 p.m. | 3 views

DEBIAN-CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

CVSS 6.5 | AI score 6.6 | EPSS 0.00894
Exploits: 0 | References: 1

OSV
added 2017/12/11 5:29 p.m. | 4 views

UBUNTU-CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

CVSS 6.5 | AI score 6.8 | EPSS 0.00894
Exploits: 0 | References: 3

CNVD
added 2017/11/30 12:00 a.m. | 3 views

Pivotal Cloud Foundry cf-release and UAA denial of service vulnerabilities

Pivotal Cloud Foundry (CF) is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from Pivotal Software in the United States, which provides features such as container scheduling, continuous delivery, and automated service deployment. cf-release is a release of PCF. uaa is a...

CVSS 5.3 | AI score 6.9 | EPSS 0.01086
Exploits: 0 | References: 1

Hacker One
added 2017/11/28 3:54 a.m. | 23 views

Uber: The Microsoft Store Uber App Does Not Implement Server-side Token Revocation

Summary: The Microsoft Store Uber App Windows Phone Architecture does not properly revoke or expire a rider's x-uber-token upon app signout. Security Impact: When a user logs out/signs off of the app, the logout process is handled only locally on the application side, and without any type of...

AI score 6.8
Exploits: 0