220 matches found
GHSA-HCXX-MP6G-6GR9 Opencast publishes global system account credentials
The issue was mostly mitigated before, drastically reducing the risk. See references below for more information. Impact: Opencast before version 10.6 will try to authenticate against any external services listed in a media package when it is trying to access the files, sending the global system...
CVE-2021-34733 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...
Weseek GROWI Authorization Issue Vulnerability
Weseek GROWI is a suite of team collaboration software from Weseek Japan. An access control error vulnerability exists in WESEEK GROWI that originates from an error in the handling of authentication requests. A remote, authenticated attacker could exploit the vulnerability to view unauthorized...
F5 BIG-IP APM Authorization Issue Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. An authorization issue vulnerability exists in BIG-IP APM that stems from an error when processing authentication requests. The following...
CVE-2020-3559
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending...
Design/Logic Flaw
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending...
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause an elevation of privilege on the targ...
CVE-2020-10918
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due t...
C-MORE HMI EA9 Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient...
Microsoft SharePoint Elevation of Privilege Vulnerability (CNVD-2020-64009)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...
The vulnerability of the “CSRF” cross-request mechanism in the GNU Privacy Guard (GnuPG) software for encrypting data and generating digital signatures allows attackers to carry out denial-of-service attacks.
The vulnerability of the “CSRF” mechanism used by the GNU Privacy Guard (GnuPG) software for encrypting data and generating digital signatures is related to deficiencies in the processing of authentication requests for applications. Exploiting this vulnerability can allow an attacker to carry out a...
The vulnerability of the XMPP protocol implementation in the Cisco Meeting Server conference platform, related to insufficient input data validation, allows a perpetrator to trigger a service failure.
The vulnerability of the XMPP protocol implementation in the Cisco Meeting Server conference platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending corrupted authentication requests...
PT-2020-1777
Name of the Vulnerable Software and Affected Versions: ppp versions 2.4.2 through 2.4.8. Description: The issue is related to buffer overflow errors in the eap_request and eap_response functions of the pppd daemon in the Point-to-Point Protocol (PPP). Exploitation of this issue may allow a remote...
CVE-2013-1895
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten...
UBUNTU-CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...
UBUNTU-CVE-2019-5061
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table...
CVE-2019-1320
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340...
CVE-2019-1322
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka ‘Microsoft Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. Recent assessments: goodlandsecurity at March 25, 2020 3:59pm UTC reported...
The vulnerability in Microsoft SharePoint Foundation software, related to errors in processing authentication requests for applications, allows a hacker to perform cross-site forgery of these requests.
The vulnerability of Microsoft SharePoint Foundation’s electronic document management software is related to errors in processing authorization requests for applications. Exploiting this vulnerability can allow a malicious actor to perform cross-site forgery of authorization requests remotely...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management lies in errors during the processing of authentication requests for applications. This allows a hacker to perform cross-site forgery of these requests.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management is related to errors in processing authentication requests for applications. Exploiting this vulnerability can allow a...