Cockpit Content Platform vulnerable to 2FA bypass

Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs into their account, allowing an att ...

CVSS3 - HIGH

Nodejs ‘undici’ Vulnerable to CRLF Injection via Content-Type

CVSS3 - CRITICAL

CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client

CVSS3 - HIGH

CVE-2022-35948

undici is an HTTP/1.1 client, written from scratch for Node.js.

CVSS3 - CRITICAL

CRLF Injection

Undici is vulnerable to CRLF injection. The vulnerability is due to improper request header `content-type` sanitization in `lib/core/request.js`. An attacker can exploit this vulnerability to prefo ...

CVSS3 - CRITICAL

Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

Summary: Multiple vulnerabilities have been found in Node.js used by the Common UI in Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details: CVEID: [CV ...

CVSS3 - CRITICAL

CVSS2 - HIGH

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability exists due to undefined behavior, allowing an attacker to crash the system via maliciously crafted input to an API.

CVSS3 - MEDIUM
