6 matches found
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Redis
Summary: IBM has addressed the following CVEs, which may affect Gateway Peering and Quota Enforcement. Vulnerability Details: CVEID: CVE-2022-24736. DESCRIPTION: Redis is vulnerable to a denial of service, caused by a NULL pointer dereference. By loading a specially crafted Lua script, a local...
Command injection
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user to full administrative access by using the password !j@ly$z%x6x7q8c9z for the...
CVE-2017-0892
Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application specific password without permission to the files access to the users file...
CVE-2017-0892
Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application specific password without permission to the files access to the users file...
Nextcloud: Limitation of app specific password scope can be bypassed (NC-SA-2017-009)
Limitation of app specific password scope can be bypassed (NC-SA-2017-009). Risk level: Low. CVSS v3 Base Score: 3 (AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N). CWE: Improper Authorization (CWE-285). Description: Improper session handling allowed an application specific password without permission to the files...
Bypassing Google Two Factor Authentication
Duo Security found a loophole in Google's authentication system that allowed them to bypass Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts. Duo Security itself a two-factor...