45 matches found
CVE-2024-4612 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow...
CVE-2019-4612
creationtimestamp | type | source
---|---|---
2024-03-09 10:06:23+00:00 | seen | https://t.me/ctinow/203868...
CVE-2023-4612 MFA bypass in Apereo CAS
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there...
CVE-2023-4612
CVE-2023-4612 is an Improper Authentication vulnerability in Apereo CAS via jakarta.servlet.http.HttpServletRequest.getRemoteAddr, enabling MFA bypass. Affected: Apereo CAS up to and including 7.0.0-RC7. Public patches are not available; the vendor does not treat it as a vulnerability. Related so...
CVE-2023-4612 MFA bypass in Apereo CAS
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there...
CVE-2018-4612
Rejected reason: This candidate is unused by its CNA...
CVE-2022-4612
creationtimestamp | type | source
---|---|---
2022-12-19 18:11:33+00:00 | seen | https://t.me/cibsecurity/54882...
CVE-2022-4612
Technical details (affected product/version, root cause, and remediation) are not publicly provided in the supplied documents. Monitor for updates from official advisories and trusted sources.
CVE-2022-4612 Click Studios Passwordstate insufficiently protected credentials
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
CVE-2020-4612
CVE-2020-4612 affects IBM Data Risk Manager (iDNA) 2.0.6. An authenticated user can obtain sensitive information via a specially crafted HTTP request. Connected documentation confirms the issue and prescribes a remediation path: upgrade to DRM 2.0.6.4 first, then apply fixpacks 2.0.6.5 and 2.0.6....
Debian DSA-4612-1 : prosody-modules - security update
It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securi...
Debian: Security Advisory (DSA-4612-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : libxslt (EulerOS-SA-2019-2627)
According to the versions of the libxslt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to caus...
CVE-2019-4612
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...
CVE-2019-4612
CVE-2019-4612 affects IBM Planning Analytics Workspace (IBM Planning Analytics Local 2.0, Workspace Release 47). The vulnerability enables malicious file uploads via the My Account Portal, allowing attackers to upload executable files that could be delivered to victims for further attacks. Root c...
CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-4612
The vulnerability CVE-2014-4612 affects Coppermine Photo Gallery, specifically the keywords manager (keywordmgr.php). It is exploitable via cross-site scripting (XSS) in versions before 1.5.27 and in 1.6.x before 1.6.01. The root cause is an XSS flaw that allows remote attackers to inject arbitra...
CVE-2014-4612
Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-4612
...
Memory corruption
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...