The Hacker News
added 2019/11/06 9:08 a.m., 2 views

Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security

Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates withou...

AI score 5.8
Exploits 0
RedhatCVE
added 2019/10/08 11:43 p.m., 27 views

CVE-2019-10136

It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4.3, AI score 3.5, EPSS 0.00102
Exploits 0, References 3
Prion
added 2019/09/17 8:15 p.m., 15 views

Code injection

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source...

CVSS 6.8, AI score 8.5, EPSS 0.00195
Exploits 0, References 2, Affected Software 1
Prion
added 2019/09/11 2:15 p.m., 21 views

Design/Logic Flaw

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...

CVSS 5, AI score 5.1, EPSS 0.00472
Exploits 1, References 3, Affected Software 1
Atlassian
added 2019/08/12 2:43 a.m., 48 views

Disclosure of issue key validity & issue attachment names in the render api resource - CVE-2019-14995

The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check...

CVSS 5.3, AI score 5.1, EPSS 0.00472
Exploits 1, Affected Software 1
exploitpack
added 2019/07/24 12:00 a.m., 30 views

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery. Product: Cisco Wireless Controller. Version: 3.6.10E (last version). Date: 23.07.2019. Vendor Homepage: https://www.cisco.com. Exploit Author: Mehmet Önder Key. Website: htts://cloudvist.com. CVE: CVE-2019-12624. Description: The applicatio...

CVSS 6.8, AI score 0.6, EPSS 0.00374
Exploits 2
OSV
added 2019/07/09 1:21 p.m., 5 views

SUSE-SU-2019:1789-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: spacewalk-backend: - Do not duplicate 'http://' protocol when using proxies with 'deb' repositories bsc1138313 - Fix reposync when dealing with RedHat CDN bsc1138358 - Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of heade...

CVSS 9.8, AI score 4.7, EPSS 0.0715
Exploits 0, References 12
Veracode
added 2019/07/08 12:07 a.m., 20 views

Insecure Signature Validation

spacewalk uses insecure authentication signature validation. The client token checksums are not properly computed, which would allow an attacker to extend session validity by modifying the authenticated header set without modifying the checksum...

CVSS 4.3, AI score 5, EPSS 0.00102
Exploits 0, References 6, Affected Software 1
NVD
added 2019/07/02 8:15 p.m., 16 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4.3, AI score 4.4, EPSS 0.00102
Exploits 0, References 2
Prion
added 2019/07/02 8:15 p.m., 16 views

Design/Logic Flaw

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4, AI score 4.4, EPSS 0.00102
Exploits 0, References 2, Affected Software 2
RedHat Linux
added 2019/07/02 1:59 p.m., 3 views

spacewalk: Insecure computation of authentication signatures during user authentication

It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum...

CVSS 4.3, AI score 5.8, EPSS 0.00102
Exploits 0, References 4
OSV
added 2019/05/15 12:00 p.m., 15 views

RUSTSEC-2019-0004 Failure to properly verify ed25519 signatures makes any signature valid

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity...

CVSS 7.5, AI score 7.4, EPSS 0.00145
Exploits 0, References 2
OSV
added 2019/03/21 3:59 p.m., 2 views

DEBIAN-CVE-2017-2659

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...

CVSS 7.5, AI score 7.2, EPSS 0.00275
Exploits 0, References 1
BDU FSTEC
added 2019/03/06 12:00 a.m., 2 views

A vulnerability in the WebRTC implementation of the Google Chrome web browser allows an attacker to cause a denial of service.

The vulnerability in the WebRTC implementation of the Google Chrome browser stems from insufficient checks of pointer validity. Exploiting it can allow a malicious actor to cause a denial of service through a specially crafted HTML page...

CVSS 8.8, AI score 7.7, EPSS 0.01442
Exploits 0, References 5, Affected Software 2
ATTACKERKB
added 2019/02/19 5:29 p.m., 1 view

CVE-2019-5760

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 5.5, EPSS 0.01442
Exploits 0, References 10
Prion
added 2019/02/19 5:29 p.m., 21 views

Design/Logic Flaw

Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 6.8, AI score 8.7, EPSS 0.01442
Exploits 0, References 7, Affected Software 6
CVE
added 2019/02/19 5:00 p.m., 182 views

CVE-2019-5760

CVE-2019-5760 affects Google Chrome’s WebRTC implementation. Insufficient pointer validation could lead to heap corruption via a crafted HTML page, enabling remote exploitation. The fix is available in Chrome updates from 72.0.3626.81 onward.

CVSS 8.8, AI score 6.1, EPSS 0.01442
Exploits 0, References 7, Affected Software 1
0day.today
added 2019/02/05 12:00 a.m., 72 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) Vulnerability

Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient...

AI score 7.1
Exploits 0
NVD
added 2019/01/15 9:29 p.m., 14 views

CVE-2019-0017

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1...

CVSS 8.8, AI score 7.1, EPSS 0.00229
Exploits 0, References 1
Cvelist
added 2019/01/15 9:00 p.m., 15 views

CVE-2019-0017 Junos Space: Unrestricted file upload vulnerability

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1...

CVSS 6.5, AI score 7.9, EPSS 0.00229
Exploits 0, References 1