106 matches found
About the security content of iOS 14.2 and iPadOS 14.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
CVE-2020-10003
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...
CVE-2020-15149
NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...
CVE-2020-15149
NodeBB is affected by CVE-2020-15149 where a bug in the validation logic introduced in 1.12.2 allows changing the password of any user via a crafted socket.io call, enabling privilege escalation/account takeover on running forums. The vulnerability affects NodeBB versions up to 1.14.2 (vulnerable...
CVE-2019-7292
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
Open redirect
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-3877
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
F5 Networks BIG-IP : TMOS vulnerability (K49440608)
When a specifically configured virtual server receives traffic of an undisclosed nature, the Traffic Management Microkernel TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration that exposes this issue is not common and in general does...
CVE-2018-5509
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...
CVE-2017-2773
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...
Input validation
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...
Input validation
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...
CVE-2017-2773
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...
CVE-2017-2773
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...
CVE-2016-8218
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT...
Fedora 24 : fedmsg (2017-a73bc7ac5d)
Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...
Fedora 25 : fedmsg (2017-fff6e1af37)
Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...
About the security content of watchOS 3.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Cisco ASA Software Remote Authentication bypass vulnerability-vulnerability warning-the black bar safety net
0x01 vulnerability profile Cisco ASA Software part of the Management Interface authentication when there is validation logic problem, an attacker can bypass the authentication, the unauthorized operation. 0x02 vulnerability principles ! enter image description here By default, the ASA management...