12 matches found
IBM WebSphere Application Server Security Feature Issue Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server (WAS) suffers from a...
EUVD-2018-5842
Malware in sbrugna...
SAP Commerce Cross-Site Request Forgery Vulnerability
SAP Commerce is a suite of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management and operations management. A cross-site request forgery vulnerability exists in SAP Commerce, which stems from a misconfiguration that can lead to...
PT-2024-10645 · Mediatek · Mediatek Audio Driver
Name of the Vulnerable Software and Affected Versions: MediaTek audio driver (affected versions not specified). Description: The issue is related to a missing bounds check in the mtkscoaudio debugfs, combined with weakened SELinux policies. This could allow for an arbitrary kernel memory write,...
PT-2024-29627 · Apache · Apache Mina Sshd
Name of the Vulnerable Software and Affected Versions: Apache MINA SSHD versions prior to 2.12.0. Description: The issue, also known as a Terrapin attack, allows an attacker who can intercept traffic between the client and server to drop certain packets, potentially downgrading or disabling some...
CVE-2024-34346
CVE-2024-34346 affects Deno and describes a permission-escalation via opening privileged files (e.g., reading /proc/self/environ, writing /proc/self/mem) when sandbox permissions are opened with --allow-read/--allow-write. The issue arises because the sandbox can be weakened if deny flags are not...
Duplicate Advisory: EVE Has Partially Predetermined Vault Key
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description: Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the...
DEBIAN-CVE-2021-33589
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
UBUNTU-CVE-2021-33589
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...
FREAK Attack: How to Protect Yourself
The recently disclosed FREAK (Factoring attack on RSA Export Keys) attack is an SSL/TLS vulnerability that is affecting major browsers, servers and even mobile devices. The FREAK vulnerability allows the attacker to intercept HTTPS connections between vulnerable clients and servers and force them to us...
UK Cryptographers Call For Publication of Deliberately Weakened Protocols, Products
A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter,...
CVE-2006-6997
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear...