426 matches found
PT-2023-31876 · Unknown · Audiobookshelf
Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions prior to 2.7.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. The issue is related to an unauthenticated blind server-side request SSRF vulnerability in Auth.js. This vulnerability has been...
PT-2023-31169 · Wolters Kluwer · Wolters Kluwer B.Point
Name of the Vulnerable Software and Affected Versions: Wolters Kluwer B.POINT version 23.70.00 Description: The issue allows a validated system user to achieve remote code execution via Argument Injection in the server-to-server module during the authentication phase. Recommendations: For version...
USN-6474-1 xrdp vulnerabilities
It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822 It was...
mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character
An open redirect vulnerability was found in modauthopenidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidcvalidateredirecturl does not properly check for URLs that start...
CVE-2023-41348
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
Command injection
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
CVE-2023-41348 ASUS RT-AX55 - command injection - 4
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...
ASUS RT-AX55 Security Breach
The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering issue in the code-authentication module of the authentication-related functions. The vulnerability can be exploited ...
ASUS RT-AX55 Security Breach
The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering issue in the token-refresh module of authentication-related functions. An attacker can exploit this vulnerability to...
SUSE CVE-2017-6059
Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
CVE-2023-44096
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality...
PT-2023-29107 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Device authentication module affected versions not specified Description: The issue concerns a vulnerability to brute-force attacks on the device authentication module. Successful exploitation may affect service confidentiality...
DRUPAL-CONTRIB-2023-045
This module enables users to log in by email address with minimal configurations. Drupal core contains protection against brute force attacks via a flood control mechanism. This module's functionality did not replicate the flood control, enabling brute force attacks...
Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Cisco NX-OS Software NX-API Arbitrary Code Execution (CVE-2018-0301)
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
UBUNTU-CVE-2022-2127
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbinddpamauthcrap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manage...
UBUNTU-CVE-2022-26563
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization...
USN-6156-2 sssd regression
USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It w...
Security Bulletin: CWE – 307: Inadequate Account Lockout may affect IBM CICS TX Standard
Summary CWE - 307 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CWE. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM CICS TX Standard| 11.1...
CVE-2022-48477
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...