10 matches found
CVE-2026-28503
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query_synced_folder action in cookbook/views/api.py line 903 fetches a Sync object using get_object_or_404(Sync, pk=pk) without including space=request.space i...
CVE-2023-28503
creationtimestamp | type | source
---|---|---
2023-03-30 00:16:03+00:00 | seen | https://t.me/cibsecurity/61150
2023-04-12 09:58:37+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/unidata_udadmin_auth_bypass.rb
2024-01-07 05:30:41+00:00 | seen |...
CVE-2023-28503 Authentication bypass in UniRPC's udadmin service
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...
CVE-2023-28503
CVE-2023-28503 describes an authentication bypass in Rocket Software UniData/UniVerse UniRPC stack. The root cause is a flaw in libunidata.so and related RPC services that lets an attacker authenticate as a legitimate Linux user using a special username (:local:) and a deterministic, encoded pass...
CVE-2021-28503
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI...
CVE-2021-28503 In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI...
CVE-2021-28503
The CVE-2021-28503 issue affects Arista EOS, where eAPI may skip re-evaluating credentials when certificate-based authentication is used, allowing remote access via eAPI. Affected EOS trains include 4.22.x–4.26.x, with fixes in 4.26.3+, 4.25.6+, 4.24.8+, and 4.23.10+ as per Arista Security Adviso...
Security Advisory 0072
Date: February 2nd, 2022
Version: 1.0

Revision | Date | Changes
---|---|---
1.0 | February 2nd, 2022 | Initial Release

The CVE-ID tracking this issue: CVE-2021-28503
CVSSv3.1 Base Score: 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
The internal bug tracking...
CVE-2020-28503 Prototype Pollution
The package copy-props before 2.0.5 is vulnerable to Prototype Pollution via the main functionality...
CVE-2020-28503
Copy-props before 2.0.5 is vulnerable to Prototype Pollution via its main functionality. The issue arises from unsafe merge of objects, allowing an attacker to inject properties into Object.prototype (e.g., via __proto__), with potential impact including denial of service and, in some descriptions, ...