419 matches found

Cvelist · added 2022/09/23 9:25 a.m. · 16 views

CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM

Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...

AI score 6.2 · EPSS 0.00564
Exploits 0 · References 1
CNNVD · added 2022/09/23 12:00 a.m. · 2 views

Apache Pulsar Trust Management Vulnerability

Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States), built for cloud environments, that combines messaging, storage, and lightweight functional computing in one system. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...

CVSS 5.9 · AI score 6.9 · EPSS 0.00564
Exploits 0 · References 2
Positive Technologies · added 2022/09/23 12:00 a.m. · 3 views

PT-2022-21797 · Apache · Apache Pulsar Java Client

Name of the Vulnerable Software and Affected Versions: Apache Pulsar Java Client versions 2.6.4 and earlier; Apache Pulsar Java Client versions 2.7.0 through 2.7.4; Apache Pulsar Java Client versions 2.8.0 through 2.8.3; Apache Pulsar Java Client versions 2.9.0 through 2.9.2; Apache Pulsar Java Clien...

CVSS 5.9 · AI score 5.7 · EPSS 0.00564
Exploits 0 · References 7
CNNVD · added 2022/09/14 12:00 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...

CVSS 5.4 · AI score 6.3 · EPSS 0.0051
Exploits 0 · References 3
IBM Security Bulletins · added 2022/09/08 12:26 a.m. · 79 views

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

Summary: Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details: CVE ID: CVE-2014-3021, APAR PI08268. DESCRIPTION: IBM WebSphere Application Server cou...

CVSS 6.8 · AI score 6.4 · EPSS 0.85744
Exploits 7 · Affected Software 3
ThreatPost · added 2022/07/19 3:33 p.m. · 40 views

Authentication Risks Discovered in Okta Platform

Researchers at Authomize have discovered four “high impact” security risks in the identity and access management (IAM) platform Okta, according to a Tuesday report. The risks include cleartext password leakage via SCIM – the System for Cross-domain Identity Management – sharing of passwords and oth...

AI score 7.4
Exploits 0 · References 2
ATTACKERKB · added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-27776

An insufficiently protected credentials vulnerability, fixed in curl 7.83.0, might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

CVSS 6.5 · AI score 5.9 · EPSS 0.03425
Exploits 1 · References 10
OSV · added 2022/05/24 7:02 p.m. · 11 views

GHSA-P9RV-QGQW-JX2W MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

CVSS 4.9 · AI score 4.8 · EPSS 0.00623
Exploits 0 · References 3
Redos · added 2022/05/16 12:00 a.m. · 4 views

ROS-20220516-30

A vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTPS, IMAPS, POP3S, and LDAPS (OpenLDAP only). Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...

CVSS 8.1 · AI score 7.3 · EPSS 0.03425
Exploits 4
CNNVD · added 2022/03/31 12:00 a.m. · 2 views

Jupyter Notebook Log Information Disclosure Vulnerability

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A log information disclosure vulnerability exists in Jupyter Notebook versions prior to 6.4.9, which stems from an unauthorized participant being able to access sensitive...

CVSS 7.5 · AI score 6.7 · EPSS 0.01024
Exploits 0 · References 4
Positive Technologies · added 2022/02/25 12:00 a.m. · 4 views

PT-2022-3565 · Jetbrains · Jetbrains Hub

Name of the Vulnerable Software and Affected Versions: JetBrains Hub versions prior to 2022.1.14434. Description: The issue is related to insufficient authentication data verification in JetBrains Hub, allowing a remote attacker to exploit the vulnerability and gain access to confidential data,...

CVSS 10 · AI score 9.3 · EPSS 0.01418
Exploits 1 · References 11
OSV · added 2022/01/21 7:15 p.m. · 3 views

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 5.5 · AI score 6.1 · EPSS 0.00186
Exploits 0 · References 3
ATTACKERKB · added 2022/01/21 7:15 p.m. · 2 views

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when...

CVSS 5.5 · AI score 6.1 · EPSS 0.00186
Exploits 0 · References 4
OSV · added 2022/01/21 7:15 p.m. · 5 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

CVSS 6.1 · AI score 5.8 · EPSS 0.01614
Exploits 0 · References 3
ATTACKERKB · added 2022/01/21 7:15 p.m. · 3 views

CVE-2022-23127

Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS MobileHMI versions 10.96.2 and prior allows a remote unauthenticated attacker to gain authentication information of an MC Works64 or MobileHMI and perform any operation using the...

CVSS 6.1 · AI score 5.8 · EPSS 0.01614
Exploits 0 · References 4
OSV · added 2021/12/23 2:15 p.m. · 1 view

CVE-2021-44600

The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker c...

CVSS 7.5 · AI score 5.8 · EPSS 0.01255
Exploits 1 · References 1
CNNVD · added 2021/11/22 12:00 a.m. · 3 views

Hancom With AnySign4Pc Path Traversal Vulnerability

Hancom With AnySign4Pc is an executable (.exe) program from the South Korean company Hancom With. A path traversal vulnerability exists in Hancom With AnySign4Pc. The vulnerability stems from the parameters of the getPFXFolderList function, which allows an attacker to see authorization...

CVSS 9.1 · AI score 8.2 · EPSS 0.01209
Exploits 0 · References 2
BDU FSTEC · added 2021/10/22 12:00 a.m. · 1 view

The vulnerability of the Enterprise Resource Planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the authentication cookie files. This allows attackers to obtain authentication data.

The vulnerability of the enterprise resource planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the session cookie files during authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain authentication data by intercepting...

CVSS 7.1 · AI score 6.4 · EPSS 0.00941
Exploits 1 · References 3 · Affected Software 1
OSV · added 2021/09/22 3:15 p.m. · 2 views

CVE-2021-41011

LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information...

CVSS 7.5 · AI score 5.8 · EPSS 0.01101
Exploits 0 · References 1
Cvelist · added 2021/08/02 12:50 p.m. · 17 views

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVSS 4.2 · AI score 4.9 · EPSS 0.00308
Exploits 0 · References 1