Lucene search
K

121 matches found

Github Security Blog
Github Security Blog
added 2019/07/05 9:6 p.m.30 views

postfix-mta-sts-resolver Algorithm Downgrade vulnerability

Incorrect query parsing Impact All users of versions prior to 0.5.1 can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. Patches Problem has been patched in version 0.5.1 Workarounds Users may remediate this vulnerability without upgrading...

6.9CVSS5.7AI score0.00671EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/04/04 3:29 p.m.19 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

9CVSS6.9AI score0.01831EPSS
Exploits1References4
Cvelist
Cvelist
added 2019/04/04 2:34 p.m.17 views

CVE-2018-19981

Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...

7AI score0.01831EPSS
Exploits1References4
Veracode
Veracode
added 2019/01/15 8:54 a.m.26 views

Authentication Bypass In The SecurityTokenService

The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...

4.3CVSS8.4AI score0.07405EPSS
Exploits0References36Affected Software73
Openbugbounty
Openbugbounty
added 2019/01/02 5:44 p.m.36 views

sts-tutorial.com XSS vulnerability

Open Bug Bounty ID: OBB-718749 Description| Value ---|--- Affected Website:| sts-tutorial.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/10/30 12:0 a.m.265 views

Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) SFTP Authentication Bypass Vulnerability

Exploit Title: Nutanix AOS & Prism - SFTP Authentication Bypass Exploit Author: Adam Brown Vendor Homepage: https://www.nutanix.org Software Link: https://www.nutanix.com/products/software-options/ Version: 5.5.5 LTS, 5.8.1 STS Tested on: Acropolis Operating System CVE : Related to CVE-2018-7750...

9.8CVSS0.5AI score0.27065EPSS
Exploits10
Kitploit
Kitploit
added 2018/07/22 10:12 p.m.114 views

Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources

Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified...

7.7AI score
Exploits0References2
Prion
Prion
added 2018/06/11 9:29 p.m.12 views

Design/Logic Flaw

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

5CVSS6.2AI score0.01784EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2018/06/11 9:0 p.m.135 views

CVE-2017-7789

CVE-2017-7789 affects Firefox versions earlier than 55.0. If a server sends two Strict-Transport-Security headers for a single connection, the headers are rejected as invalid, and HSTS is not enabled for that connection. Documented impact is limited to Firefox

5.3CVSS6.2AI score0.01784EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.33 views

CVE-2017-7789

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

5.3CVSS7.6AI score0.01784EPSS
Exploits1
CNVD
CNVD
added 2018/05/23 12:0 a.m.2 views

radare2 denial of service vulnerability (CNVD-2018-12205)

Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the inststs function in radare2 2.5.0. A remote attacker can exploi...

5.5CVSS5.7AI score0.01148EPSS
Exploits0References1
OSV
OSV
added 2018/05/22 7:29 p.m.5 views

UBUNTU-CVE-2018-11382

The inststs function in radare2 2.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted binary file...

5.5CVSS6.4AI score0.01148EPSS
Exploits0References4
CNVD
CNVD
added 2018/05/10 12:0 a.m.3 views

Schneider Electric MGE UPS and MGE STS 66074 MGE Network Management Card Transverse Sensitive Information Vulnerability (CNVD-2018-11132)

The Schneider Electric MGE UPS and MGE STS are both products of the French company Schneider Electric.The Schneider Electric MGE UPS is an uninterruptible power supply unit.The MGE STS is a static toggle switch.66074 MGE Network Management Card Transverse is one of the network management cards...

9.8CVSS7AI score0.00852EPSS
Exploits0References1
NVD
NVD
added 2018/04/18 8:29 p.m.12 views

CVE-2018-7244

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server Port 80/443/TCP of the affected devices could allow a remote attacker to obtain sensitive device information if network...

5.3CVSS5.1AI score0.01059EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/18 8:0 p.m.18 views

CVE-2018-7246

A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server Port 80/443/TCP of the affected devices could allow remote attackers to discover an administrative...

9.4AI score0.00852EPSS
Exploits0References1
CVE
CVE
added 2018/04/18 8:0 p.m.56 views

CVE-2018-7246

CVE-2018-7246 affects Schneider Electric’s 66074 MGE Network Management Card Transverse (SNMP/Web Card) used in MGE UPS and MGE STS. The vulnerability arises from the integrated web server (port 80/443) transmitting sensitive data in cleartext, enabling remote attackers to discover an administrat...

9.8CVSS9.2AI score0.00852EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2017/08/09 1:50 a.m.28 views

CVE-2017-7789

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

5.3CVSS6.7AI score0.01784EPSS
Exploits1References2
Kaspersky
Kaspersky
added 2017/08/08 12:0 a.m.111 views

KLA11082 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, privilege escalation, spoof user interface, bypass security restrictions, obtain sensitive information and execute arbitrary code. Below is...

10CVSS10AI score0.13697EPSS
Exploits25References5
UbuntuCve
UbuntuCve
added 2017/07/04 12:0 a.m.22 views

CVE-2017-7789

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

5.3CVSS6.8AI score0.01784EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2017/02/17 10:0 a.m.9 views

SMTP STS Coming Soon to Gmail, Other Webmail Providers

Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...

7.3AI score
Exploits0References1
Rows per page
Query Builder