Pen Test Partners Blog
added 2023/09/14 5:11 a.m.

PCI v4 is coming. Are you ready?

If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...

AI score: 7 | Exploits: 0
OSV
added 2023/09/13 7:15 a.m.

CVE-2023-4400

A password management vulnerability in Skyhigh Secure Web Gateway (SWG), in main releases 11.x prior to 11.2.14 and 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through the SWG REST API. This was...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.003 | Exploits: 0 | References: 2
Veracode
added 2023/09/01 8:40 a.m.

Information Leak

The MongoDB Driver is vulnerable to Information Leak. The vulnerability is due to the MongoDB drivers erroneously publishing events containing authentication-related data to a command listener configured by an application. An attacker can get hold of this sensitive information when they access it...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00492 | Exploits: 0 | References: 10 | Affected Software: 3
OSV
added 2023/08/29 6:31 p.m.

GHSA-VXVM-QWW3-2FH7 MongoDB Driver may publish events containing authentication-related data

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

CVSS: 4.2 | AI score: 6.8 | EPSS: 0.00492 | Exploits: 0 | References: 12
Snyk
added 2023/08/29 4:43 p.m.

Information Exposure

Overview: mongodb/mongo-swift-driver is the official MongoDB driver for Swift. Affected versions of this package are vulnerable to Information Exposure via the command listener feature. When it is enabled (not the default setting), some drivers may inadvertently publish events containing sensitive...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00492 | Exploits: 0 | References: 2
OSV
added 2023/08/29 4:15 p.m.

UBUNTU-CVE-2021-32050

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00492 | Exploits: 0 | References: 7
Positive Technologies
added 2023/08/29 12:00 a.m.

PT-2023-4650 · Mongodb +2 · Mongodb Node.Js Driver +5

Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 1.0.0 through 1.17.7; MongoDB PHP Driver versions 1.0.0 through 1.9.2; MongoDB Swift Driver versions 1.0.0 through 1.1.1; MongoDB Node.js Driver 3.6 versions 3.6 through 3.6.10; MongoDB Node.js Driver 4.0 versions 4.0...

CVSS: 8.4 | AI score: 6.4 | EPSS: 0.01103 | Exploits: 0 | References: 41
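The MongoDB entries above all describe the same failure mode: a command listener registered by the application receives the raw command and reply documents, including those of authentication handshakes, and forwards them to a log. The added example below is not code from the MongoDB drivers or from any of the advisories; it is a defensive wrapper for the Node.js driver's command-monitoring events that blanks the bodies of authentication-related commands before they reach the application's logger, so the log sink stays clean even on a driver version that still publishes them. The sensitive-command list is assumed to mirror the one in the MongoDB command-monitoring specification; the sample events are constructed and no server is contacted.

```javascript
// Added example: a defensive command-monitoring listener for the MongoDB
// Node.js driver. Not code from the MongoDB drivers or any advisory above.
// Before an application forwards a commandStarted / commandSucceeded /
// commandFailed event to its logger, the command and reply documents of
// authentication-related commands are blanked.

// Commands whose request or reply bodies carry credentials or challenge data.
// Assumption: this mirrors the list in the MongoDB command-monitoring
// specification; extend it for any custom auth-related commands you use.
const SENSITIVE_COMMANDS = new Set([
  'authenticate', 'saslstart', 'saslcontinue', 'getnonce',
  'createuser', 'updateuser', 'copydbgetnonce', 'copydbsaslstart', 'copydb',
]);

// hello / isMaster (legacy name) are sensitive only when they carry a
// speculativeAuthenticate payload.
function isSensitiveCommand(commandName, command) {
  const name = String(commandName).toLowerCase();
  if (SENSITIVE_COMMANDS.has(name)) return true;
  if ((name === 'hello' || name === 'ismaster') && command !== null &&
      typeof command === 'object' &&
      Object.prototype.hasOwnProperty.call(command, 'speculativeAuthenticate')) {
    return true;
  }
  return false;
}

// Return a copy of the event that is safe to log. For sensitive commands the
// command/reply documents are replaced by {}; name, database, requestId and
// duration are kept because they are still useful for telemetry.
function redactCommandEvent(event) {
  const sensitive = isSensitiveCommand(event.commandName, event.command);
  const out = {
    commandName: event.commandName,
    databaseName: event.databaseName,
    requestId: event.requestId,
    redacted: sensitive,
  };
  if (event.duration !== undefined) out.duration = event.duration;
  if (event.command !== undefined) out.command = sensitive ? {} : event.command;
  if (event.reply !== undefined) out.reply = sensitive ? {} : event.reply;
  return out;
}

// Hook the redaction in front of the application's logger. `client` is a
// MongoClient created with monitorCommands: true (hypothetical caller; this
// function is defined but not invoked here so the file runs offline).
function attachSafeCommandLogger(client, log) {
  const handler = (ev) => log(JSON.stringify(redactCommandEvent(ev)));
  for (const name of ['commandStarted', 'commandSucceeded', 'commandFailed']) {
    client.on(name, handler);
  }
}

// Constructed sample events shaped like the driver's CommandStartedEvent
// objects (payloads are placeholders, not real SCRAM data).
const sampleEvents = [
  { commandName: 'saslStart', databaseName: 'admin', requestId: 1,
    command: { saslStart: 1, mechanism: 'SCRAM-SHA-256', payload: 'bixhPXVzZXIs...' } },
  { commandName: 'find', databaseName: 'app', requestId: 2,
    command: { find: 'orders', filter: { status: 'open' } } },
  { commandName: 'hello', databaseName: 'admin', requestId: 3,
    command: { hello: 1, speculativeAuthenticate: { saslStart: 1, payload: '...' } } },
];

function redactAll(events) {
  return events.map(redactCommandEvent);
}

// Print the sanitised events when run directly: node safe-command-log.js
for (const e of redactAll(sampleEvents)) console.log(JSON.stringify(e));
```

Upgrading to a fixed driver is still the real remedy; this wrapper is defence in depth for the window before that upgrade lands, and it also catches any auth-related command the driver does not classify as sensitive.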
BDU FSTEC
added 2023/07/28 12:00 a.m.

A vulnerability in the aws-sigv4 library, used by Vector for collecting, processing and transmitting metrics, allows an attacker to gain unauthorized access to protected information.

The vulnerability in the aws-sigv4 library, which Vector uses for collecting, processing and transmitting metrics, stems from insufficient protection of credentials while processing the awssigv4::SigningParams structure. Exploiting this vulnerability can allow...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00216 | Exploits: 0 | References: 6 | Affected Software: 2
Github Security Blog
added 2023/07/12 12:31 p.m.

Apache Pulsar Broker Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00722 | Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/06/01 7:15 p.m.

CVE-2023-34339

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...

CVSS: 3.3 | AI score: 7.3 | Exploits: 0 | References: 1
Prion
added 2023/06/01 7:15 p.m.

Authentication flaw

In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...

CVSS: 1.7 | AI score: 4.2 | EPSS: 0.0021 | Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2023/05/30 12:00 a.m.

PT-2023-3739 · Advantech · Advantech Webaccess

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 8.4.5 Description: The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file,...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00142 | Exploits: 0 | References: 7
BDU FSTEC
added 2023/05/30 12:00 a.m.

A vulnerability in the ARIS controller's built-in software, caused by insufficient protection of operational data, allows an attacker to obtain user authentication credentials.

The vulnerability in the ARIS controller's built-in software is related to insufficient protection of authentication data. Exploiting it could allow a remote attacker to obtain user authentication data from the web interface...

CVSS: 6.8 | AI score: 5.5 | Exploits: 0 | Affected Software: 10
CNNVD
added 2023/05/12 12:00 a.m.

Planet SDK for Python security vulnerability

Planet SDK for Python is an open-source application from Planet Labs. It provides a Python API and a command-line interface (CLI) for using the Planet API. A security vulnerability exists in Planet SDK for Python versions prior to 2.0.1, which stems from a vulnerability that allows unauthorized users...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00252 | Exploits: 0 | References: 4
Veracode
added 2023/05/02 3:54 a.m.

Information Disclosure

typed-rest-client is vulnerable to Information Disclosure. The vulnerability exists because the library does not drop authentication credentials when following redirects, which allows an attacker to receive a request sent with BasicCredentialHandler, BearerCredentialHandler, or...

CVSS: 9.1 | AI score: 7.6 | EPSS: 0.02224 | Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2023/04/27 2:02 p.m.

Potential leak of authentication data to 3rd parties

Impact Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler 2. The target...

CVSS: 9.1 | AI score: 8.1 | EPSS: 0.02224 | Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2023/04/26 9:15 p.m.

CVE-2023-30846

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.02224 | Exploits: 0 | References: 3
Vulnrichment
added 2023/04/26 8:58 p.m.

CVE-2023-30846 typed-rest-client vulnerable to potential leak of authentication data to 3rd parties

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

CVSS: 9.1 | AI score: 9.3 | EPSS: 0.02224 | Exploits: 0 | References: 3
Cvelist
added 2023/04/26 8:58 p.m.

CVE-2023-30846 typed-rest-client vulnerable to potential leak of authentication data to 3rd parties

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...

CVSS: 9.1 | AI score: 9.6 | EPSS: 0.02224 | Exploits: 0 | References: 3
CNNVD
added 2023/04/26 12:00 a.m.

Microsoft typed-rest-client security vulnerability

Microsoft typed-rest-client is a typed REST and HTTP client with TypeScript types from Microsoft Corporation (USA). A security vulnerability exists in Microsoft typed-rest-client version 1.7.3 and earlier, which originates from the disclosure of user authentication data...

CVSS: 9.1 | AI score: 7.7 | EPSS: 0.02224 | Exploits: 0 | References: 4
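The typed-rest-client entries above (CVE-2023-30846) describe a two-step flow: a request goes out with a credential attached by BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler, the target answers with a 3xx to a host it controls, and the client replays the same credential to that host. The added example below is not code from typed-rest-client or from any of the advisories; it is a minimal redirect-following client with an injected transport that reproduces the flow against constructed hosts and shows the corrected behaviour, which is to drop the Authorization header before following any redirect that leaves the original origin. The hostnames and the bearer token are placeholders.

```javascript
// Added example, not code from typed-rest-client or any advisory above.
// Replays the redirect flow of CVE-2023-30846 against a fake transport and
// shows the fix: strip the credential before following a cross-origin 3xx.

// Origin = scheme + host + port. A protocol change (https -> http) also
// counts as a different origin, so a downgrade redirect loses the credential.
function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol && ua.hostname === ub.hostname && ua.port === ub.port;
}

// Remove the header carrying the credential, case-insensitively.
function stripAuthHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() !== 'authorization') out[k] = v;
  }
  return out;
}

function hasAuth(headers) {
  return Object.keys(headers).some((k) => k.toLowerCase() === 'authorization');
}

// Minimal redirect-following client. `transport(url, headers)` is injected
// and returns { status, headers, body }. dropAuthOnCrossOrigin=false
// reproduces the vulnerable behaviour; true is the corrected behaviour.
function request(transport, url, headers, options = {}) {
  const { maxRedirects = 5, dropAuthOnCrossOrigin = true } = options;
  let currentUrl = url;
  let currentHeaders = { ...headers };
  const hops = [];
  for (let i = 0; i <= maxRedirects; i++) {
    const res = transport(currentUrl, currentHeaders);
    hops.push({ url: currentUrl, sentAuth: hasAuth(currentHeaders) });
    const location = res.headers && res.headers.location;
    if (res.status < 300 || res.status > 399 || !location) {
      return { status: res.status, body: res.body, hops };
    }
    const next = new URL(location, currentUrl).toString();
    if (dropAuthOnCrossOrigin && !sameOrigin(currentUrl, next)) {
      currentHeaders = stripAuthHeaders(currentHeaders);
    }
    currentUrl = next;
  }
  throw new Error('too many redirects');
}

// Constructed transport: api.example.com (the legitimate target) redirects to
// evil.example.net (a third party); every host records the Authorization
// value it received. Both hostnames are placeholders.
function makeTransport() {
  const received = {};
  const transport = (url, headers) => {
    const host = new URL(url).hostname;
    const authKey = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
    received[host] = authKey ? headers[authKey] : null;
    if (host === 'api.example.com') {
      return { status: 302, headers: { location: 'https://evil.example.net/collect' }, body: '' };
    }
    return { status: 200, headers: {}, body: 'ok' };
  };
  return { transport, received };
}

// Run one request with a constructed bearer token and report what each host saw.
function demo(dropAuthOnCrossOrigin) {
  const { transport, received } = makeTransport();
  const headers = { Authorization: 'Bearer constructed-token-not-real' };
  const result = request(transport, 'https://api.example.com/v1/me', headers, { dropAuthOnCrossOrigin });
  return { result, received };
}

console.log('vulnerable:', JSON.stringify(demo(false).received));
console.log('fixed:     ', JSON.stringify(demo(true).received));
```

The same check applies to any HTTP client that auto-follows redirects while a credential handler re-attaches headers per request: the decision to keep the credential must be made per hop against the origin of the next URL, not once at the start of the request.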