2028 matches found

Prion
added 2022/03/10 5:45 p.m. · 13 views

Input validation

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.3 CVSS · 4.3 AI score · 0.00946 EPSS
Exploits 0 · References 6 · Affected Software 2

OSV
added 2022/03/10 5:42 p.m. · 1 view

DEBIAN-CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

7.5 CVSS · 6.5 AI score · 0.0065 EPSS
Exploits 0 · References 1

Prion
added 2022/03/10 5:42 p.m. · 22 views

Design/Logic Flaw

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

5 CVSS · 7.1 AI score · 0.0065 EPSS
Exploits 0 · References 1 · Affected Software 2

OSV
added 2022/03/10 5:42 p.m. · 2 views

UBUNTU-CVE-2021-3698

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the...

7.5 CVSS · 7.2 AI score · 0.0065 EPSS
Exploits 0 · References 3

Cvelist
added 2022/03/07 9:0 a.m. · 15 views

CVE-2022-21170

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...

4.6 AI score · 0.00946 EPSS
Exploits 0 · References 6

CVE
added 2022/03/07 9:0 a.m. · 89 views

CVE-2022-21170

The CVE-2022-21170 issue is an improper certificate revocation check (CWE-299) in Digital Arts i-FILTER and associated products. A remote attacker could perform a man-in-the-middle attack to eavesdrop on TLS traffic. Affected: i-FILTER Ver.10.45R01 and earlier; i-FILTER Ver.9.50R10 and earlier; i...

4.3 CVSS · 4.4 AI score · 0.00946 EPSS
Exploits 0 · References 6 · Affected Software 1

Japan Vulnerability Notes
added 2022/03/04 5:12 a.m. · 6 views

i-FILTER vulnerable to improper check for certificate revocation

Overview: i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299). Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early...

4.8 CVSS · 6.5 AI score · 0.00946 EPSS
Exploits 0 · References 9

CNNVD
added 2022/03/04 12:0 a.m. · 7 views

Digital Arts i-FILTER Trust Management Issue Vulnerability

Digital Arts i-FILTER is a web filtering software from Digital Arts Japan. It is used to counter targeted attacks. A security vulnerability exists in Digital Arts i-FILTER that originates from improper certificate revocation checks. A remote attacker could exploit the vulnerability to conduct a...

4.3 CVSS · 5.2 AI score · 0.00946 EPSS
Exploits 0 · References 9

Japan Vulnerability Notes
added 2022/03/04 12:0 a.m. · 28 views

JVN#33214411: i-FILTER vulnerable to improper check for certificate revocation

i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the software and add settings: Update the software to the latest version...

4.3 CVSS · 4 AI score · 0.00946 EPSS
Exploits 0

Hacker One
added 2022/02/13 7:31 a.m. · 23 views

8x8 Bounty: jaas.8x8.vc: Removed users can still have READ/WRITE access to the workspace via different API endpoints

An improper access control vulnerability was discovered in jaas.8x8.vc, where removed users could still have READ/WRITE access to the workspace via different API endpoints, if they were logged in and saved their session cookies. The issue was resolved by fixing the session management...

7 AI score
Exploits 0

Tenable Nessus
added 2022/02/09 12:0 a.m. · 43 views

AlmaLinux 8 : curl (ALSA-2021:1610)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1610 advisory. - Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. (CVE-2020-8231) - A malicious server can u...

7.5 CVSS · 6.9 AI score · 0.09917 EPSS
Exploits 3 · References 5

Malwarebytes
added 2022/01/27 9:44 p.m. · 42 views

Let’s Encrypt to revoke “mis-issued” certificates

If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. Revocation is coming, and you’ve only got until tomorrow to figure things out. What’s the deal with free certificates? If you’re running a website, you want to make sure that it’s HTTPS. It...

7.1 AI score
Exploits 0

Veracode
added 2022/01/27 9:37 a.m. · 25 views

Insecure Access Control

Cockpit has insecure access control. The vulnerability exists due to a flaw in Cockpit that allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status...

7.5 CVSS · 3.1 AI score · 0.0065 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/01/19 1:15 a.m. · 2 views

CVE-2022-22173

A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with...

7.5 CVSS · 5.8 AI score · 0.00588 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/01/12 5:0 p.m. · 4 views

CVE-2022-22173

A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with...

7.5 CVSS · 7.1 AI score · 0.00588 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/01/01 12:0 a.m. · 6 views

PT-2025-8224

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A potential deadlock issue has been identified in the Linux kernel related to the Ceph file system. The issue occurs when a file is created with O_RDWR and a request is sent to the...

5.5 CVSS · 6.4 AI score · 0.00156 EPSS
Exploits 0

The Hacker News
added 2021/12/24 8:57 a.m. · 44 views

New BLISTER Malware Using Code Signing Certificates to Evade Detection

Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has...

2.4 AI score
Exploits 0

OSV
added 2021/12/13 4:15 p.m. · 0 views

UBUNTU-CVE-2021-39945

Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an author of a Merge Request to approve the Merge Request even after having their project...

2.7 CVSS · 5.8 AI score · 0.00908 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/12/01 12:0 a.m. · 4 views

PT-2021-23938 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.11 Description: A vulnerability affects users of tag groups who use the "Tags are visible only to the following groups" feature in Discourse, an open source discussion platform. This feature allows a tag group ...

4.3 CVSS · 4.3 AI score · 0.0083 EPSS
Exploits 0 · References 8

Github Security Blog
added 2021/11/23 5:57 p.m. · 51 views

Improper Privilege Management in Apache Ozone

In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked...

9.8 CVSS · 8.7 AI score · 0.02445 EPSS
Exploits 0 · References 4 · Affected Software 1