Apple macOS Information Disclosure Vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. An information disclosure vulnerability exists in macOS, which stems from an authentication issue in the CoreFoundation component. The following products and versions are affected: macOS: 11.0 20A2411, 11.0.1...
CVE-2021-26074
Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...
CVE-2021-26074
CVE-2021-26074 affects Atlassian Connect Spring Boot (ACSB) versions 1.1.0 through 2.1.2 (before 2.1.3). The root cause is that ACSB erroneously accepts context JWTs on lifecycle endpoints (e.g., installation) where only server-to-server JWTs should be accepted, enabling an attacker to send authe...
UBUNTU-CVE-2021-29943
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts...
CVE-2020-29633
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged...
Design/Logic Flaw
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model...
CVE-2020-35231
The CVE-2020-35231 entry concerns the NETGEAR JGS516PE/GS116Ev2 NSDP protocol implementation (v2.6.0.43) with an authentication bypass that lets a remote attacker bypass access controls and obtain full device control. Multiple sources (NVD, Red Hat, CNVD, CNVD-derived entries) confirm an authenti...
CVE-2020-35231
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device...
CVE-2021-27215
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces Admin, Userweb, Sidechannel can use different methods to perform the authentication of a user. A specific authentication method during login does not check th...
Authentication flaw
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication...
SolarWinds Serv-U File Server Cross-Site Scripting Vulnerability (CNVD-2021-14808)
SolarWinds Serv-U File Server is a file transfer server from SolarWinds (USA). A cross-site scripting vulnerability exists in SolarWinds Serv-U File Server before 15.2.2, which stems from a web application lacking proper authentication of client data. An authenticated attacker could...
LDAP authentication failed with error code 4003 and Group length is very large
One user cannot log in to Gateway with LDAP authentication, while other users can log in normally...
CS Money: Able to upload backgrounds before entering 2FA
Summary: Hi Team, I am able to see and use uploaded backgrounds and able to upload new ones without proper authentication of 2FA. I hope you remember this report 993786. Steps To Reproduce: 1. Log in with a Steam account and enable 2FA. 1. Now log out of your account. Clear all the cookies. 1. Now aga...
CVE-2020-5686
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7 and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL...
Rocket.Chat Authorization Issue Vulnerability
Rocket.Chat is an open source team chat software. A security vulnerability exists in Rocket.Chat that stems from incorrectly handling SAML logins. No details of the vulnerability are provided at this time...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
Apache TomEE Authorization Issues Vulnerability
Apache TomEE is a lightweight Java EE application server from the Apache Software Foundation (United States). A security vulnerability exists in Apache TomEE versions 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5, which originates from the use of the embedded ActiveMQ proxy...
PT-2020-14125 · Askey · Ap5100W
Name of the Vulnerable Software and Affected Versions: Askey AP5100W devices through AP5100W Dual SIG 1.01.097 Description: The issue arises from problems with the random number selection for the Diffie-Hellman exchange, allowing an attacker to brute force the overall authentication exchange by...