419 matches found
PT-2023-23001 · Unknown · Typed-Rest-Client
Name of the Vulnerable Software and Affected Versions: typed-rest-client versions 1.7.3 and earlier Description: The typed-rest-client library is vulnerable to leaking authentication data to third parties. This occurs when a request is sent with BasicCredentialHandler, BearerCredentialHandler, or...
PT-2023-2992 · Satrlt.Os · Satrlt.Os
Name of the Vulnerable Software and Affected Versions: SatRLT.OS versions affected versions not specified Description: The issue is related to unprotected transmission of authentication data in the SatRLT.OS software for "Сателлит-А" programmable logic controllers. This could allow a remote...
The vulnerability of the log files of user operations in the Apex-VUZ automation system allows a perpetrator to gain access to authentication information.
The vulnerability of the logs of user operations in the Apex-VUZ automation system is related to the storage of passwords in an open format. Exploiting this vulnerability can allow a malicious actor to gain access to authentication information...
SUSE CVE-2010-1322
The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service daemon crash, or possibly obtain sensitive...
SUSE CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
SUSE CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
SUSE CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
SUSE CVE-2016-4953
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service ephemeral-association demobilization by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time...
SUSE CVE-2016-10351
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations...
SUSE CVE-2017-12173
It was found that sssd's sysdbsearchuserbyupnres function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
SUSE CVE-2018-8292
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...
SUSE CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server...
SUSE CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...
UBUNTU-CVE-2023-22332
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 4.4 series, 4.3.0 to 4.3.4 4.3 series, 4.2.0 to 4.2.11 4.2 series, 4.1.0 to 4.1.14 4.1 series, 4.0.0 to 4.0.21 4.0 series, All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3....
PT-2022-6073 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix ADC formerly Citrix NetScaler Application Delivery Controller versions affected versions not specified Citrix Gateway formerly Citrix NetScaler Gateway versions affected versions not specified Description: The issue is related to...
CVE-2022-33681
A flaw was found in the Apache Pulsar Java Client. This flaw allows an attacker to use a Man-in-the-Middle MITM attack, manipulating network traffic and gaining the client's authentication data...
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
GHSA-C5FP-X2H5-VJV7 Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
Authentication flaw
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...