753 matches found
SSL Certificate Validity - Duration
The CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193. Certificates issued after March 1, 2018 may not be valid longer than 825 days. Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer...
DEBIAN-CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
UBUNTU-CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
CVE-2018-2451
XS Command-Line Interface CLI user sessions with the SAP HANA Extended Application Services XS, version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...
CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...
ALPINE-CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...
CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server...
Remote Code Execution (RCE) Through File Inclusion
phpmyadmin is vulnerable to remote code execution RCE attacks. The application does not properly check page validity when they are loaded or redirected, allowing a malicious user to view and execute files on the server...
CVE-2018-10470
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may...
CVE-2018-10732
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information i.e., determine if a username is valid because of profile pictures visibility...
Teradek Slice 7.3.15 Change Password Cross Site Request Forgery
...
Zomato: [www.zomato.com] IDOR - Gold Subscription Details, Able to view "Membership ID" and "Validity Details" of other Users
Hello Zomato, The following URL : https://www.zomato.com/gold/payment-success?subscriptionid=██████████&userid=█████████ is vulnerable to IDOR in subscriptionid field. Anyone can get Subscription Start & End Date and Plan Duration of a Membership ID just by changing the subscriptionid parameter...
CVE-2018-0134
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure...
INSIDE Secure MatrixSSL Certificate Validation Vulnerability
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. A security vulnerability exists in INSIDE Secure MatrixSSL version 3.7.2, which stems from the program failing to properly validate the UTCTime validity period...
CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
Security feature bypass
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
UBUNTU-CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16852
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...