9 matches found
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
CVE-2024-45269
CVE-2024-45269: CSRF vulnerability in WordPress Carousel Slider (plugin by Sayful Islam) affecting Carousel Slider
CodeCov supply-chain compromise likened to SolarWinds attack
CodeCov, a company that creates software auditing tools for developers, was recently breached; the company says it was breached on April 1 and reported it on April 15. According to investigators, this incident, in turn, gave attackers access to an unknown number of CodeCov’s clients’ networks...
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
Design/Logic Flaw
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
PYSEC-2020-48
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from a lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2020-10778
A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...
Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to cross-site request forgery (CVE-2016-9730)
Summary: IBM QRadar SIEM and Incident Forensics allow web requests for sensitive operations to be stored in 3rd party websites which can lead to unauthorized alterations of the product and user data. Vulnerability Details: CVEID: CVE-2016-9730 DESCRIPTION: IBM QRadar Incident Forensics is vulnerabl...