It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated...Re ...
Continue Reading
June 28, 2024
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipeline ...
Continue Reading
June 28, 2024
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This resul ...
Continue Reading
June 28, 2024
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This resul ...
Continue Reading
June 28, 2024
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted function ...
Continue Reading
June 28, 2024
Ivanti Sentry, formerly known as MobileIron Sentry, is vulnerable to an API authentication bypass on the Sentry administrator interface. A remote and unauthenticated attacker can leverage this vulnera ...
Continue Reading
June 28, 2024
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor ...
Continue Reading
June 28, 2024
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buf ...
Continue Reading
June 28, 2024
Back to Main
