158 matches found
CVE-2014-10046
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the...
CVE-2014-10046
CVE-2014-10046 is an Android/Qualcomm PDN throttle use-after-free issue in which the PDN throttle info block is freed without clearing the active timer on affected Qualcomm Snapdragon platforms (MDM9615/9625/9635M and SD 210/212/205, 400, 410/12, 615/16/ SD 415, 800, 808, 810). The vulnerability ...
FreeBSD : mediawiki -- multiple vulnerabilities (298829e2-ccce-11e7-92e4-000c29649f92)
mediawiki reports : security fixes : T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451:...
mediawiki -- multiple vulnerabilities
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...
Moneybird: Bypass of Rate limiting in secure_session endpoint's password input will lead to user password disclosure
The rate limit for entering a password to start a secure session was too low. This allowed for brute force password guessing when an attacker would gain access to an existing session of a user. We have solved the issue by making the password rate limit the same as the regular login procedure...
kernel security and bug fix update
2.6.32-696.1.1.0.1.el6.OL6 - kernel sched/fair: Initialize throttlecount for new task-groups lazily orabug 25071015 - kernel sched/fair: Do not announce throttled next buddy in dequeuetaskfair orabug 25071015 - kernel sched/fair: Reorder cgroup creation code orabug 25071015 - kernel sched/fair:...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T122056: Old tokens are remaining valid within a new session T127114: Login throttle can be tricked using non-canonicalized usernames T123653: Cross-domain policy regexp is too narrow T123071: Incorrectly identifying http link in a's href attributes, due to m...
Car Throttle - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Car Throttle published at the 'play' market has multiple vulnerabilities...
Imgur: Server Side Request Forgery In Video to GIF Functionality
imgur.com is vulnerable to Server Side Request Forgery because it fails to sanitize or verify the "url" GET parameter. This could be used by attackers to launch attacks against other 3rd party sites or proxy an attackers requests through the affected site to hide the attackers origin. In more...
WordPress Wordfence Plugin <= 5.2.3 - Multiple Vulnerabilities
This plugin is prone to stored XSS, insufficient logging, throttle bypass and exploit detection bypass vulnerabilities. Solution Update plugin...
CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if 1 the same type of event occurs after the throttle period, or 2 when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection...
CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if 1 the same type of event occurs after the throttle period, or 2 when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection...
DEBIAN-CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if 1 the same type of event occurs after the throttle period, or 2 when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection...
CVE-2002-0896
The CVE-2002-0896 entry concerns Swatch: the throttle capability may fail to report certain events if the same event type recurs after the throttle period or when multiple events matching the same watchfor expression don’t occur post-throttle. This could allow attackers to avoid detection. No spe...
CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if 1 the same type of event occurs after the throttle period, or 2 when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection...
CVE-2002-0896
The throttle capability in Swatch may fail to report certain events if 1 the same type of event occurs after the throttle period, or 2 when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection...
TOTP throttle not enforced cross-wiki
More info at https://phabricator.wikimedia.org/T251661...
Do Not Offer
This is the detectoid to block any updates as an alternative to expire/throttle/GF...