218 matches found
CVE-2025-49831 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this...
NTLM Hash Exposure
dnn.platform is vulnerable to NTLM hash exposure. The vulnerability is due to improper handling of authentication requests, allowing malicious interactions to redirect NTLM authentication hashes to an attacker-controlled SMB server...
CVE-2024-20481
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource...
CVE-2020-5893
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...
CVE-2019-1322
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340...
Cisco Identity Services Engine RADIUS Denial of Service Vulnerability
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker...
CVE-2025-20150
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...
Cisco Nexus Dashboard LDAP Username Enumeration (cisco-sa-nd-unenum-2xFFh472)
According to its self-reported version, Cisco Nexus Dashboard LDAP Username Enumeration is affected by a vulnerability. - A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of...
CVE-2025-20150
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...
CVE-2025-20150 Cisco Nexus Dashboard Username Enumeration Vulnerability
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...
Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an...
Improper JWT Signature Validation
jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...
Sitevision Security Vulnerability
Sitevision is a content management system (CMS) from the Swedish company Sitevision. A security vulnerability exists in Sitevision version 10.3.1 and earlier, which stems from a vulnerability that allows a remote attacker to access the private key used to sign SAML Authn requests under certain...
Trend Micro ID Security Security Vulnerability
Trend Micro ID Security is an all-in-one ad blocker, password manager, and privacy-enhancing browser extension from Trend Micro. A security vulnerability exists in Trend Micro ID Security 3.0 and prior versions, which stems from a vulnerability that could allow an attacker to send an unlimited...
Cisco Adaptive Security Appliance Remote Access VPN Brute Force DoS (cisco-sa-asaftd-bf-dos-vDZhLqrW)
According to its self-reported version, Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability. - A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an...
CVE-2024-47406
Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability...
Sharp MFP Security Vulnerability
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of HTTP authentication requests, resulting in an authentication bypass vulnerability...
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of...
CVE-2024-20481
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource...