CVE-2024-28239 URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...
CouchAuth Security Breach
CouchAuth is an authentication API. A security vulnerability exists in CouchAuth version 0.20.0 and prior versions, which stems from a password reset link that can be sent to a user by sending a specially crafted host header in a forgotten password request, which, if clicked, could allow an...
PT-2023-23094 · Palantir · Palantir Tiles1
Name of the Vulnerable Software and Affected Versions: Palantir Tiles1, affected versions not specified
Description: The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints.
Recommendations: ...
PT-2023-24965 · Ruijie Networks · Rg-Nbs +6
Name of the Vulnerable Software and Affected Versions:
Ruijie Networks RG-EW series home routers and repeaters, version EW 3.01B11P204
Ruijie Networks RG-NBS and RG-S1930 series switches, version SWITCH 3.01B11P218
Ruijie Networks RG-EG series business VPN routers, version EG 3.01B11P216
Ruijie...
Buffer overflow
Potential buffer overflow vulnerability in auth api in mmAuthentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...
CVE-2023-21494
Potential buffer overflow vulnerability in auth api in mmAuthentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...
ManageEngine ADSelfService Plus < build 6218 DoS
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6218. It is, therefore, affected by a denial of service (DoS) vulnerability which allows any unauthenticated remote user to cause an application restart by sending a...
CVE-2023-28342
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API...
ZOHO ManageEngine ADSelfService Plus Security Vulnerability
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus prior to version 6218, which originated from a denial of...
SUSE CVE-2008-3792
net/sctp/socket.c in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereferenc...
CVE-2022-23722
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
Authentication flaw
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
CVE-2022-23722
PingFederate Password Reset vulnerability (CVE-2022-23722): when the password-reset mechanism uses the Authentication API with an Authentication Policy, email OTP, PingID, or SMS, an existing user can reset another user’s password. The connected sources describe the issue and its impact but do no...
CVE-2022-23722 PingFederate Password Reset via Authentication API Mishandling
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password...
CVE-2021-28501
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
Arista Networks Arista EOS Security Vulnerability
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
PT-2022-9893 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS, affected versions not specified
Description: An issue has been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local...
CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...