U-SPEED N300 安全漏洞

The U-SPEED N300 is a wireless router device produced by the U-SPEED company. The U-SPEED N300 V1.0.0 version has a security vulnerability. This vulnerability stems from the lack of rate limiting or account locking protection in the /api/login endpoint. As a result, local network attackers may...

ERCOM Cryptobox 安全漏洞

ERCOM Cryptobox is a file encryption and security storage tool developed by the French company ERCOM. ERCOM Cryptobox has a security vulnerability that stems from issues with the account locking mechanism. This vulnerability could allow legitimate users to prevent other users from logging in by...

WSO2 Identity Server 安全漏洞

WSO2 Identity Server is an identity authentication server developed by the American company WSO2. There is a security vulnerability in WSO2 Identity Server; this vulnerability arises from the failure to revoke active access tokens when user accounts are locked, which may lead to bypassing access...

Nexxt Solutions Nebula 300+ 安全漏洞

The Nexxt Solutions Nebula 300+ is a wireless router produced by the Nexxt Solutions company in the United States. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of rate limits on the...

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Version 9.13.0.0 of Dell PowerScale OneFS contains a security vulnerability. This vulnerability stems from a overly...

IBM DevOps Plan 安全漏洞

IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. Versions of IBM DevOps Plan 3.0.0 and earlier contained security vulnerabilities. These vulnerabilities were due to improper account locking settings,...

Binardat 10G08-0800GSM 安全漏洞

Binardat 10G08-0800GSM is a high-performance switch from the Chinese company Binardat. The Binardat 10G08-0800GSM Network SwitchV300SP10260209 and earlier versions have security vulnerabilities. These vulnerabilities stem from the lack of rate limiting or account locking for failed login attempts...

GL.iNet AX1800 安全漏洞

The GL.iNet AX1800 is a wireless router from China's Guanglian Intelligent Communication GL.iNet. A security vulnerability exists in the GL.iNet AX1800 version 4.6.4 and 4.6.8, which stems from a lack of rate limiting or account locking mechanism in the authenticated endpoints, which could lead t...

EUVD-2003-1025

Malware in sbrugna...

EUVD-2015-6682

Malware in sbrugna...

EUVD-2015-6683

Malware in sbrugna...

CVE-2023-47294

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...

CVE-2021-38155

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...

CVE-2024-45877

baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx. This allows a low privileged user to access all modules in the web portal, view and manipulate information and permissions of other users, lock...

Debian dla-3714 : keystone - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3714 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3714-1 [email protected]...

CVE-2022-39228 Observable Response Discrepancy in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is...

CVE-2022-22967

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

OpenStack Keystone allows information disclosure during account locking

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...

SUSE-SU-2022:1654-1 Security update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification

This update for documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification fixes the following issues: - CVE-2021-22141: Fixed URL redirection flaw bsc1186868. - CVE-2021-38155: Fixed information disclosure during account locking bsc1189390. The following...

Information Disclosure

OpenStack Keystone allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which...