390 matches found
Apache Kafka 安全漏洞
Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in the data stream. A security vulnerability exists in Apache Kafka versions 0.10.2.0 throu...
CVE-2024-5717 Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing...
Fortinet FortiWeb Multiple vulnerabilities in the authentication mechanism of confd (FG-IR-21-130)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-130 advisory. - Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15,...
PT-2024-7496 · Red Hat · Red Hat 3Scale Api Management
Name of the Vulnerable Software and Affected Versions: Red Hat 3scale API Management affected versions not specified Description: A flaw in the authentication mechanism of Red Hat 3scale API Management allows unauthorized access to the backend. This occurs when a non-base64 'basic' auth with...
CVE-2024-9683
A vulnerability was found in Quay, which allows successful authentication even when a truncated password version is provided. This flaw affects the authentication mechanism, reducing the overall security of password enforcement. While the risk is relatively low due to the typical length of the...
CVE-2024-47652
The CVE-2024-47652 entry concerns Shilpi Client Dashboard, where the login module uses inadequate authentication, allowing an attacker to access any user account by supplying that user’s mobile number. This root cause implies a high-impact authentication weakness that could lead to full account c...
Siemens Mendix Runtime Information Disclosure Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in Siemens Mendix Runtime, which stems from the affected application's authentication...
CVE-2023-49069
A vulnerability has been identified in Mendix Runtime V10 All versions V10.17.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.11 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All...
CVE-2023-49069
A vulnerability has been identified in Mendix Runtime V10 All versions V10.17.0 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.12 All versions V10.12.11 only if the basic authentication mechanism is used by the application, Mendix Runtime V10.6 All...
CVE-2023-49069
The CVE relates to Mendix Runtime authentication: an observable response discrepancy when validating usernames in basic authentication allows unauthenticated remote attackers to distinguish valid vs invalid usernames. Affected versions include Mendix Runtime V8 (all versions < V8.18.33), V9 (&...
CVE-2024-45168
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable...
CVE-2024-45168
An issue was discovered in UCI IDOL 2 aka uciIDOL or IDOL2 through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable...
SQL Injection
github.com/prest/prest is vulnerable to SQL Injection through the authentication mechanism. The vulnerability is due to improper input validation which allows an attacker to bypass security restrictions and execute unauthorized SQL commands by manipulating input...
CVE-2024-41178
Apache Arrow Rust Object Store (object_store crate)
CVE-2024-39912 Enumeration of valid usernames in web-auth/webauthn-lib
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...
CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism...
eSkooly Security Vulnerabilities
eSkooly is a free online school management software from eSkooly, Inc. A security vulnerability exists in eSkooly version 3.0, which stems from an issue that allows remote attackers to elevate privileges via an authentication mechanism...
CVE-2024-27712
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism...
CVE-2024-27712
CVE-2024-27712 affects Eskooly Free Online School management Software version 3.0 and earlier. The vulnerability exists in the User Account Management component of the authentication mechanism, enabling a remote attacker to escalate privileges. CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9...
CVE-2024-27710
Eskooly Free Online School management Software v3.0 and earlier is affected by a privilege escalation via the authentication mechanism. Root cause is in the authentication flow allowing remote attackers to escalate privileges. Exploitation status/components are not detailed in the provided docume...