221 matches found
Sharp MFP 安全漏洞
Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of HTTP authentication requests, resulting in an authentication bypass vulnerability...
Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack
Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance ASA that could lead to a denial-of-service DoS condition. The vulnerability, tracked as CVE-2024-20481 CVSS score: 5.8, affects the Remote Access VPN RAVPN service of...
CVE-2024-20481
A vulnerability in the Remote Access VPN RAVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS of the RAVPN service. This vulnerability is due to resource...
CVE-2024-20481
A vulnerability in the Remote Access VPN RAVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS of the RAVPN service. This vulnerability is due to resource...
CVE-2024-20481
A vulnerability in the Remote Access VPN RAVPN service of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS of the RAVPN service. This vulnerability is due to resource...
CVE-2024-41589
DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests...
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitiv...
Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure
Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. This requires the plugin's Log Authentication Requests setting to be set...
The vulnerability of the RADIUS protocol implementation (Remote Authentication in Dial-In User Service) of the Cisco Identity Services Engine (ISE) allows a perpetrator to cause service interruptions.
The vulnerability of the RADIUS protocol Remote Authentication in Dial-In User Service implementation of the Cisco Identity Services Engine ISE is related to errors in processing requests. Exploiting this vulnerability allows a malicious actor to cause service denial by sending a specially crafte...
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
SUSE CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...
CVE-2023-22746
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2022-27893
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0...
PT-2022-18672 · Osisoft · Osisoft-Pi-Web-Connector
Name of the Vulnerable Software and Affected Versions: osisoft-pi-web-connector versions 0.15.0 through 0.43.0 Description: The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. Recommendations: For osisoft-pi-web-connector...
Authentication Bypass
github.com/pingcap/tidb is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly restrict the access path, allowing an attacker to bypass the authentication process by providing malicious authentication requests, resulting in privilege escalation or...
Dell Vnx2 Oe For File Security Feature Issue Vulnerability
Dell Vnx2 Oe For File is an operating environment from Dell USA. A security signature issue vulnerability exists in Dell Vnx2 Oe For File that originates from an error in the processing of authentication requests. A remote attacker could use this vulnerability to bypass the authentication process...
CVE-2022-0564 Qlik Sense Enterprise Domain User enumeration
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time...