86 matches found
CVE-2021-31999
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...
CVE-2021-31999
CVE-2021-31999 describes a Privilege Escalation in Rancher where an attacker can forge Impersonate-User/Impersonate-Group headers to act as other cluster users. Affected: Rancher versions before 2.5.9 and before 2.4.16. Root cause: reliance on untrusted inputs in a security decision. Impact: unau...
CVE-2021-31999 Rancher: Privilege escalation vulnerability via malicious Connection header
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...
Why SecOps Need A Cybersecurity Platform
Our global study polled more than 2,300 IT security decision makers to discover how to best assist and support SecOps teams so you can be more resilient...
CVE-2020-26291
URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
CVE-2020-26291
URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
CVE-2020-15181
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...
CVE-2020-15181
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...
Design/Logic Flaw
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...
CVE-2020-15181 Admin account takeover in Alfresco Reset Password
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0...
CVE-2020-15181
CVE-2020-15181 affects the Alfresco Reset Password add-on prior to version 1.2.0. The issue stems from relying on untrusted inputs when making a security decision, allowing an attacker to gain administrator access to the system on affected servers. The vulnerability is fixed in version 1.2.0. In ...
CVE-2019-14630
The CVE-2019-14630 issue affects Intel Thunderbolt controllers (Thunderbolt 1–3: DSL3310/3510/4510/4410; DSL5520/5320; DSL6540/6340/JHL6540/JHL6340/JHL6240/JHL7540/JHL7340). Description: reliance on untrusted inputs in a security decision may allow an unauthenticated user with physical access to ...
Presentation Template: Build Your 2020 Security Plan
As the end of the year approaches, security decision makers are creating their 2020 plans and running them by management for approval. In most cases, this means requesting and making the case for the necessary resources that need to be allocated, while still providing value to the organization. T...
New! RFP Template for Selecting EDR/EPP and APT Security
Once upon a time, only big organizations worried about Advanced Persistent Threats. But it soon became obvious that every organization could find itself under fire, regardless of size or industry, and whether as direct targets or collateral damage. Most security decision makers in these...
Schneider Electric Modicon M580 UnityPro reliance on untrusted inputs vulnerability
Summary An exploitable reliance on untrusted inputs vulnerability exists in the strategy transfer function of the Schneider Electric Unity Pro L Programming Software. When a specially crafted strategy is programmed to a Modicon M580 Programmable Automation Controller, and UnityProL is used to rea...
Design/Logic Flaw
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...
CVE-2018-7850
A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause invalid information displayed in Unity Pro software...
CVE-2017-13274
In the getHost function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0,...
Circle with Disney Token Routing Vulnerability(CVE-2017-12085)
Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
Design/Logic Flaw
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page...