20 matches found
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the hostname-based access control list enforcement process when configured with chroot. An attacker can gain unauthorized access by manipulating the PTR record for their source IP address,...
Authentication Bypass by Alternate Name
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name in the Microsoft Teams group sender authorization process when a route allowlist is configured and the sender allowlist is empty. An attacker can...
Authentication Bypass by Alternate Name
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name while serving static files from...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
Authentication Bypass by Alternate Name
Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the SSH authentication process. An attacker can gain unauthorized access and impersonate any user, including administrative accounts, by presenting a victim's public key during the SSH handsha...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002833)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002833 advisory. The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows...
EUVD-2016-5888
Malware in sbrugna...
CVE-2023-1803
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17...
CVE-2023-1803
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17...
CVE-2023-1803
Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17...
PT-2023-17258
Name of the Vulnerable Software and Affected Versions DTS Electronics Redline Router versions prior to 7.17 Description The issue allows for authentication bypass by alternate name, enabling unauthorized access. This is a significant concern as it compromises the security of the affected devices...
SUSE CVE-2015-3908
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
SUSE CVE-2016-4913
The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...
DEBIAN-CVE-2016-4913
The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...
UBUNTU-CVE-2016-4913
The getrockridgefilename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM aka alternate name entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs...
UBUNTU-CVE-2015-3908
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
PYSEC-2014-94
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2008-2809
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...
Firefox self signed certificate flaw
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also...
CVE-2006-3778
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the 1 "Save As Draft" option is used or 2 a "," comma is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC...