121 matches found
postfix-mta-sts-resolver Algorithm Downgrade vulnerability
Incorrect query parsing Impact All users of versions prior to 0.5.1 can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy. Patches Problem has been patched in version 0.5.1 Workarounds Users may remediate this vulnerability without upgrading...
CVE-2018-19981
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...
CVE-2018-19981
Amazon AWS SDK =2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to create authenticated and/or authorized requests. Note that the attacker must have "root" privilege...
Authentication Bypass In The SecurityTokenService
The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...
sts-tutorial.com XSS vulnerability
Open Bug Bounty ID: OBB-718749 Description| Value ---|--- Affected Website:| sts-tutorial.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) SFTP Authentication Bypass Vulnerability
Exploit Title: Nutanix AOS & Prism - SFTP Authentication Bypass Exploit Author: Adam Brown Vendor Homepage: https://www.nutanix.org Software Link: https://www.nutanix.com/products/software-options/ Version: 5.5.5 LTS, 5.8.1 STS Tested on: Acropolis Operating System CVE : Related to CVE-2018-7750...
Cloud Custodian - Rules Engine For Cloud Security, Cost Optimization, And Governance, DSL In Yaml For Policies To Query, Filter, And Take Actions On Resources
Cloud Custodian is a rules engine for AWS fleet management. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified...
Design/Logic Flaw
If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...
CVE-2017-7789
CVE-2017-7789 affects Firefox versions earlier than 55.0. If a server sends two Strict-Transport-Security headers for a single connection, the headers are rejected as invalid, and HSTS is not enabled for that connection. Documented impact is limited to Firefox
CVE-2017-7789
If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...
radare2 denial of service vulnerability (CNVD-2018-12205)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the inststs function in radare2 2.5.0. A remote attacker can exploi...
UBUNTU-CVE-2018-11382
The inststs function in radare2 2.5.0 allows remote attackers to cause a denial of service heap-based out-of-bounds read and application crash via a crafted binary file...
Schneider Electric MGE UPS and MGE STS 66074 MGE Network Management Card Transverse Sensitive Information Vulnerability (CNVD-2018-11132)
The Schneider Electric MGE UPS and MGE STS are both products of the French company Schneider Electric.The Schneider Electric MGE UPS is an uninterruptible power supply unit.The MGE STS is a static toggle switch.66074 MGE Network Management Card Transverse is one of the network management cards...
CVE-2018-7244
An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server Port 80/443/TCP of the affected devices could allow a remote attacker to obtain sensitive device information if network...
CVE-2018-7246
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server Port 80/443/TCP of the affected devices could allow remote attackers to discover an administrative...
CVE-2018-7246
CVE-2018-7246 affects Schneider Electric’s 66074 MGE Network Management Card Transverse (SNMP/Web Card) used in MGE UPS and MGE STS. The vulnerability arises from the integrated web server (port 80/443) transmitting sensitive data in cleartext, enabling remote attackers to discover an administrat...
CVE-2017-7789
If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...
KLA11082 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, privilege escalation, spoof user interface, bypass security restrictions, obtain sensitive information and execute arbitrary code. Below is...
CVE-2017-7789
If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...
SMTP STS Coming Soon to Gmail, Other Webmail Providers
Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at...