2077 matches found
CVE-2015-4680
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates...
CVE-2015-4680
FreeRADIUS is affected by CVE-2015-4680. Versions 2.2.x prior to 2.2.8 and 3.0.x prior to 3.0.9 do not properly check revocation of intermediate CA certificates, potentially allowing certificates issued by revoked intermediate authorities to be trusted. The vulnerability’s impact is reflected as ...
CVE-2017-7374
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...
UBUNTU-CVE-2017-7374
Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be...
HackerOne: A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
Summary: A HackerOne employee, Reed Loden (GitHub: reedloden), exposed their personal access token twice in build logs of the rubysec/rubysec.github.io project: 1. 2015-12-10 2. 2016-03-01. Description: The token has public_repo scope, which means that it allows access to any public repos the owner accoun...
mbed TLS (PolarSSL) -- multiple vulnerabilities
Janos Follath reports: If a malicious peer supplies a certificate with a specially crafted secp224k1 public key, then an attacker can cause the server or client to attempt to free block of memory held on stack. Depending on the platform, this could result in a Denial of Service (client crash) or...
iOS vulnerability that allows an attacker to compromise the integrity of protected information
The vulnerability in the Mail component of the iOS operating system stems from the lack of a user alert about the revocation of the S/MIME email signature certificate. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
Session fixation
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...
CVE-2016-4686
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation...
CVE-2016-4686
CVE-2016-4686 affects iOS prior to 10.1 in the Contacts component. The issue is an access-control flaw where an application may maintain access to the Address Book after the user revokes it in Settings. The root cause is not fully detailed in the provided documents, but Apple’s iOS 10.1 security ...
CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
DEBIAN-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
Session fixation
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
UBUNTU-CVE-2016-6582
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-6582
The CVE-2016-6582 entry concerns the Doorkeeper gem for Ruby, with versions prior to 4.2.0. The underlying issue is a failure to implement the OAuth 2.0 Token Revocation specification, which could allow remote attackers to conduct replay attacks or revoke arbitrary tokens. The available connected...
Buggy Domain Validation Forces GoDaddy to Revoke Certs
GoDaddy has revoked, and begun the process of re-issuing, new SSL certificates for more than 6,000 customers after a bug was discovered in the registrar’s domain validation process. The bug was introduced July 29 and impacted fewer than two percent of the certificates GoDaddy issued from that dat...