Author: Cyberthreat Blog

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners...

In PyJWT 1.5.0 and below the ‘invalid_strings’ check in ‘HMACAlgorithm.prepare_key’ does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it...

In the touch controller function in all Qualcomm products in all Android releases from CAF using the Linux kernel, a variable may be controlled by the user and can lead to a buffer overflow.

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.