Debian: Security Advisory (DSA-4943-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Atlassian Crowd: pdkinstall development plugin incorrectly enabled (CVE-2019-11580)
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...
Uber: Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com
Summary: This is not a standard vulnerability, but a chain of two more exotic vulnerabilities leading to a full authentication bypass of your SSO login system at auth.uber.com via saostatic.uber.com. The root cause of this authentication bypass is two-fold: 1. Subdomain saostatic.uber.com was...