1855 matches found
CVE-2018-16738
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1...
May 25, 2017—KB4020102 (OS Build 15063.332)
May 25, 2017—KB4020102 OS Build 15063.332 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where NTLM fails to generate a challenge response when CredGuard is enabled, NTLMv...
CVE-2018-8852
Philips e-Alert Unit non-medical device, Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier...
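The e-Alert entry describes session fixation: a login that authenticates the user but leaves the session identifier the browser arrived with untouched, so anyone who planted that identifier beforehand now holds an authenticated session. The following is an added example, not the vendor's code: a constructed in-memory session store, a login that keeps the pre-authentication session id (vulnerable) beside one that destroys it and issues a fresh id (fixed), and a simulation of the attack against each. `USERS`, the password and all session data are constructed.

```python
"""Session fixation at login (the weakness class in the e-Alert entry above).
Added illustration, not any vendor's code; credentials are constructed."""
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed credentials, ASCII only


class SessionStore:
    """Constructed in-memory store: session id -> session data."""

    def __init__(self):
        self._sessions = {}

    def new_session(self):
        sid = secrets.token_urlsafe(32)          # unguessable server-issued id
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def invalidate(self, sid):
        self._sessions.pop(sid, None)


def _check_password(username, password):
    expected = USERS.get(username, "")
    return bool(expected) and hmac.compare_digest(expected, password)


def login_vulnerable(store, sid, username, password):
    """Authenticates the user but keeps the pre-auth session id. Whoever
    already holds that id (because they planted it) now owns an
    authenticated session. Returns (id the browser should use, success)."""
    session = store.get(sid)
    if session is None:
        return store.new_session(), False
    if not _check_password(username, password):
        return sid, False
    session["user"] = username                  # same id, now privileged
    return sid, True


def login_fixed(store, sid, username, password):
    """On success, destroys the pre-auth session and issues a new id, so a
    planted id no longer resolves to anything."""
    if store.get(sid) is None:
        return store.new_session(), False
    if not _check_password(username, password):
        return sid, False
    store.invalidate(sid)                       # old id is dead everywhere
    new_sid = store.new_session()
    store.get(new_sid)["user"] = username
    return new_sid, True


def fixation_attack(login):
    """Attacker obtains a valid anonymous id, plants it in the victim's
    browser, waits for the victim to log in, then presents the planted id.
    Returns the user the attacker ends up acting as, or None."""
    store = SessionStore()
    planted = store.new_session()
    victim_sid, ok = login(store, planted, "alice", "correct horse")
    if not ok:
        raise RuntimeError("victim login should succeed")
    victim = store.get(victim_sid)
    if victim is None or victim["user"] != "alice":
        raise RuntimeError("victim should hold an authenticated session")
    attacker_view = store.get(planted)
    return attacker_view["user"] if attacker_view else None


if __name__ == "__main__":
    print("vulnerable login, attacker acts as:", fixation_attack(login_vulnerable))
    print("fixed login, attacker acts as:", fixation_attack(login_fixed))
```

The fixed variant also covers the case the advisory text hints at ("without invalidating any existing session identifier"): rotating the id is not enough on its own if the old id is left valid in the store, which is why `invalidate` runs before `new_session`.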
CVE-2018-16671
CirCarLife before 4.3 is affected by CVE-2018-16671 due to improper authentication for /html/device-id, causing system software information disclosure. The affected component is the CirCarLife web interface; the root cause is lack of authentication on the device-id endpoint, enabling an unauthenticated u...
CVE-2018-15479
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to...
SUSE-SU-2018:1971-1 Security update for python-paramiko
This update for python-paramiko fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could have skipped the authentication step bsc108527...
SUSE-SU-2018:1850-1 Security update for python-paramiko
This update for python-paramiko to version 2.0.8 fixes the following issues: - CVE-2018-7750: transport.py in the SSH server implementation of Paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could have skipped the authenticati...
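Both SUSE entries above describe the same bug class: a server-side SSH transport that dispatches inbound messages on their type alone, so a client can skip USERAUTH and send CHANNEL_OPEN directly. The following is an added illustration in Python, not Paramiko's own code: a toy transport state machine with a type-only dispatcher (vulnerable) beside one that refuses every message outside the pre-authentication set until a successful USERAUTH has set the authenticated flag (fixed). The message type numbers are the real ones from RFC 4250; the password and the replayed client sequences are constructed.

```python
"""Bug class behind CVE-2018-7750: acting on post-auth SSH messages before
authentication completed. Added illustration, not Paramiko's code."""

# SSH message type numbers (RFC 4250).
MSG_DISCONNECT = 1
MSG_IGNORE = 2
MSG_SERVICE_REQUEST = 5
MSG_KEXINIT = 20
MSG_USERAUTH_REQUEST = 50
MSG_CHANNEL_OPEN = 90

# The only types a server should act on before auth: transport setup,
# service negotiation and the auth exchange itself.
PRE_AUTH_ALLOWED = frozenset(
    {MSG_DISCONNECT, MSG_IGNORE, MSG_SERVICE_REQUEST, MSG_KEXINIT, MSG_USERAUTH_REQUEST}
)


class ProtocolError(Exception):
    pass


class ServerTransport:
    """Minimal stand-in for a server-side SSH transport state machine."""

    def __init__(self, password="hunter2"):     # constructed credential
        self.authenticated = False
        self.channels = []
        self._password = password

    def _on_userauth(self, payload):
        if payload.get("password") == self._password:
            self.authenticated = True            # the only way the flag is set
            return "USERAUTH_SUCCESS"
        return "USERAUTH_FAILURE"

    def _on_channel_open(self, payload):
        self.channels.append(payload.get("type", "session"))
        return "CHANNEL_OPEN_CONFIRMATION"

    def _dispatch(self, msg_type, payload):
        if msg_type == MSG_USERAUTH_REQUEST:
            return self._on_userauth(payload)
        if msg_type == MSG_CHANNEL_OPEN:
            return self._on_channel_open(payload)
        if msg_type in PRE_AUTH_ALLOWED:
            return "OK"
        raise ProtocolError("unhandled message type %d" % msg_type)


def handle_vulnerable(transport, msg_type, payload=None):
    """Dispatches on type only; never asks whether auth has completed."""
    return transport._dispatch(msg_type, payload or {})


def handle_fixed(transport, msg_type, payload=None):
    """Refuses every message outside the pre-auth set until authenticated."""
    if not transport.authenticated and msg_type not in PRE_AUTH_ALLOWED:
        raise ProtocolError("type %d before authentication completed" % msg_type)
    return transport._dispatch(msg_type, payload or {})


def client_session(handler, skip_auth, password="hunter2"):
    """Replays a constructed client message sequence against `handler`.
    Returns "channel opened" if CHANNEL_OPEN was accepted, else "rejected"."""
    t = ServerTransport()
    msgs = [(MSG_KEXINIT, {}), (MSG_SERVICE_REQUEST, {"service": "ssh-userauth"})]
    if not skip_auth:
        msgs.append((MSG_USERAUTH_REQUEST, {"password": password}))
    msgs.append((MSG_CHANNEL_OPEN, {"type": "session"}))
    try:
        for msg_type, payload in msgs:
            handler(t, msg_type, payload)
    except ProtocolError:
        return "rejected"
    return "channel opened" if t.channels else "rejected"


if __name__ == "__main__":
    for name, handler in (("vulnerable", handle_vulnerable), ("fixed", handle_fixed)):
        print(name, "skip auth:", client_session(handler, skip_auth=True))
        print(name, "wrong password:", client_session(handler, skip_auth=False, password="x"))
```

The check belongs in the transport's read loop rather than in each handler: a server gains new post-auth message handlers over time, and a per-handler check is exactly the kind that gets forgotten.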
PT-2018-16180 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 12.0.8 Nextcloud Server versions prior to 13.0.3 Description: The issue is related to improper authentication on the OAuth2 token endpoint. It involves missing checks that could potentially allow handing out...
CVE-2017-7931
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator URL on the web server, a malicious user is able to access the configuration files and application pages without authentication...
MGASA-2018-0235 Updated spring-ldap packages fix security vulnerability
It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password CVE-2017-8028...
CVE-2018-11094
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and...
CVE-2018-10581
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...
SSO PassThrough is not working in Microsoft Edge Browser.
SSO Pass-through is not working in Microsoft Edge Browser...
Design/Logic Flaw
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation...
CVE-2017-12720
CVE-2017-12720 affects the Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump (firmware versions 1.1, 1.5, 1.6). The root cause is improper access control in the FTP server, which does not require authentication when FTP is enabled, allowing unauthorized remote access to the device. ...
HTTP Server Authentication Detected
This is an informational notice that the scanner identified pages protected by the web server using HTTP server authentication. Check the plugin output for the type of authentication set, and the attachment for which URLs require authenticated access. No source data...
MGASA-2018-0104 Updated java-1.8.0-openjdk packages fix security vulnerability
Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2018-2582, CVE-2018-2641. It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...
CVE-2017-2297
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens...
CVE-2017-1783
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
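Several entries above share one root cause: individual endpoints that were never wired to an authentication check (/html/device-id in CirCarLife, the configuration pages in the ABB IP Gateway, /cgi-bin/ExportSettings.sh on the Intelbras NCLOUD 300, the Cobub Razor createuserinfo route, the ContractorWeb /UserManagement/ modules). The following is an added example, not any vendor's code: a toy router where authentication is each handler's own job (vulnerable) beside one that enforces default-deny at the router with an explicit public allowlist (fixed), plus the audit probe a pentester would run against either. The handlers, their responses and the /UserManagement/EditUserDetails path are constructed stand-ins; the other two paths are taken from the entries above.

```python
"""Default-deny route authentication. Added illustration; handlers and
responses are constructed, not any vendor's code."""

# Routes that are legitimately reachable without a session.
PUBLIC_PATHS = frozenset({"/login", "/health"})


def h_login(user):
    return 200, "login form"


def h_health(user):
    return 200, "ok"


def h_device_id(user):
    # Forgot its auth check: leaks system software information to anyone.
    return 200, "firmware build 4.2.1 (constructed)"


def h_export_settings(user):
    # Also forgot: dumps the configuration, credentials included.
    return 200, "admin:hunter2 (constructed)"


def h_edit_user(user):
    # Remembered, the per-handler way.
    if user is None:
        return 401, ""
    return 200, "edit user form"


ROUTES = {
    "/login": h_login,
    "/health": h_health,
    "/html/device-id": h_device_id,
    "/cgi-bin/ExportSettings.sh": h_export_settings,
    "/UserManagement/EditUserDetails": h_edit_user,   # constructed path
}


def dispatch_vulnerable(path, user):
    """Auth is each handler's responsibility; every handler that forgets it
    becomes an unauthenticated endpoint. Returns (status, body)."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, ""
    return handler(user)


def dispatch_fixed(path, user):
    """Auth is enforced once, in the router: anything not on the explicit
    public list needs a user, whatever the handler does or forgets."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, ""
    if user is None and path not in PUBLIC_PATHS:
        return 401, ""
    return handler(user)


def unprotected_routes(dispatch):
    """Audit: probe every route anonymously and list the non-public ones
    that still answer 200."""
    return sorted(
        path for path in ROUTES
        if path not in PUBLIC_PATHS and dispatch(path, None)[0] == 200
    )


if __name__ == "__main__":
    print("vulnerable router exposes:", unprotected_routes(dispatch_vulnerable))
    print("fixed router exposes:", unprotected_routes(dispatch_fixed))
```

`unprotected_routes` is the same check in miniature that the "HTTP Server Authentication Detected" scanner plugin entry above performs from the outside: enumerate URLs, request each one unauthenticated, and flag whatever answers with content instead of a challenge.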