246 matches found
Spoofing Attack
github.com/containerd/containerd is vulnerable to Spoofing Attack. The vulnerability is due to the lack of a definitive specification for manifest and index documents in the OCI Distribution and Image Specifications, allows different interpretations based on the Content-Type header...
PT-2024-10983 · Unknown · Bluetooth Core Specification
Name of the Vulnerable Software and Affected Versions: Bluetooth Core Specifications versions 2.1 through 5.3 Description: The issue concerns Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol. It may allow an unauthenticated...
[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
[SECURITY] Fedora 41 Update: lua-mpack-1.0.12-1.fc41
mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...
CVE-2022-48827 NFSD: Fix the behavior of READ near OFFSET_MAX
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d "NFS: Always provide aligned buffers to the RPC read layers" on the client, a read of 0xfff is aligned up to server rsize of 0x1000. As a...
CVE-2022-48827 NFSD: Fix the behavior of READ near OFFSET_MAX
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d "NFS: Always provide aligned buffers to the RPC read layers" on the client, a read of 0xfff is aligned up to server rsize of 0x1000. As a...
CVE-2024-38367
CVE-2024-38367 concerns the CocoaPods trunk authentication server (trunk.cocoapods.org). The underlaying issue was a vulnerability in the trunk sessions verification step that could be manipulated to hijack the owner’s session, potentially yielding a full takeover of the CocoaPods trunk account. ...
CVE-2024-38367 CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of...
CVE-2023-26484
...
CVE-2024-26650
This CVE ID is rejected/not used and does not represent an active vulnerability entry.
Notary Project Specifications Security Vulnerabilities
Notary Project Specifications is a repository for the Notary Project. A security vulnerability exists in Notary Project Specifications that stems from the use of artifacts whose signatures are no longer valid...
Testing with OpenAPI Specifications
The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...
CVE-2023-46138
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
CVE-2023-46138
CVE-2023-46138 affects JumpServer prior to version 3.8.0, where the initial admin user used the default email domain [email protected]. Password resets occur via email, so if the domain mycompany.com is registered, this could affect password reset functionality. The issue is mitigated in versio...
Design/Logic Flaw
jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability,...
Prime.sol: stakedAt value is not deleted when manually issuing an irrevocable token
Lines of code Vulnerability details Impact Protocol specifications state that a user cannot have less than the minimum xvs staked if they are not irrevocable prime token users. In other words, only holders of irrevocables prime tokens can have less than the minimum xvs staked. The problem arises...
Fedora: Security Advisory for edk2 (FEDORA-2023-ca393d660a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-32690 Responder can Invoke Undefined Behavior in libspdm Requester
libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder's CTExponent into its context without validation. If the Requester sends a request message that...