
221 matches found

BDU FSTEC
added 2019/09/13 12:00 a.m. · 4 views

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management lies in errors during the processing of authentication requests for applications. This allows a hacker to perform cross-site forgery of these requests.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management is related to errors in processing authentication requests for applications. Exploiting this vulnerability can allow a...

6.4 CVSS · 5.3 AI score · 0.01449 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2019/08/30 12:00 a.m. · 177 views

CentOS 7 : openssh (CESA-2019:2143)

An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.9 CVSS · 6.7 AI score · 0.98631 EPSS
Exploits 23 · References 2

OSV
added 2019/07/17 9:15 p.m. · 7 views

CVE-2019-1920

A vulnerability in the 802.11r Fast Transition (FT) implementation for Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected interface. The vulnerability is due to a lack of complete error handling condition...

7.4 CVSS · 7.1 AI score · 0.00797 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2019/06/18 12:00 a.m. · 3 views

The vulnerabilities of the software for Cisco TelePresence Video Communication Server and Cisco Expressway Series, as well as the Unified Communications Manager IM and Presence Service software, are due to insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerabilities of the Cisco TelePresence Video Communication Server and Cisco Expressway Series software, as well as the Unified Communications Manager IM and Presence Service software, exist due to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers t...

8.6 CVSS · 5.5 AI score · 0.04639 EPSS
Exploits 0 · References 5

OSV
added 2019/06/12 2:29 p.m. · 2 views

CVE-2019-0972

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the...

6.5 CVSS · 7 AI score · 0.05786 EPSS
Exploits 0 · References 2

CNVD
added 2019/06/12 12:00 a.m. · 1 views

Microsoft Windows Denial of Service Vulnerability (CNVD-2019-18614)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in Microsoft Local Security Authority Subsystem...

6.8 CVSS · 6.8 AI score · 0.05786 EPSS
Exploits 0 · References 1

Microsoft CVE
added 2019/06/11 7:00 a.m. · 29 views

Local Security Authority Subsystem Service Denial of Service Vulnerability

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the...

6.8 CVSS · 2.6 AI score · 0.05786 EPSS
Exploits 0

OSV
added 2019/05/16 7:29 p.m. · 4 views

CVE-2019-0971

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...

6.5 CVSS · 6.7 AI score · 0.08464 EPSS
Exploits 0 · References 1

OSV
added 2019/05/16 7:29 p.m. · 1 views

CVE-2019-0734

An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator. The update addresses this vulnerability by changing how...

8.1 CVSS · 7.1 AI score · 0.04207 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2019/04/15 12:00 a.m. · 135 views

CentOS 6 : openssh (CESA-2019:0711)

An update for openssh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.9 CVSS · 6.7 AI score · 0.98631 EPSS
Exploits 23 · References 2

RedHat Linux
added 2019/04/09 7:21 a.m. · 54 views

openssh: User enumeration via malformed packets in authentication requests

A user enumeration vulnerability flaw was found in OpenSSH, through version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data...

5.9 CVSS · 7.1 AI score · 0.98631 EPSS
Exploits 23 · References 4

Tenable Nessus
added 2019/04/09 12:00 a.m. · 109 views

RHEL 6 : openssh (RHSA-2019:0711)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0711 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

5.9 CVSS · 6.8 AI score · 0.98631 EPSS
Exploits 23 · References 5

BDU FSTEC
added 2019/01/22 12:00 a.m. · 6 views

The vulnerability of the Skype instant messaging application for Android operating systems allows a hacker to bypass screen lockdowns and gain access to protected information.

The vulnerability of the Skype instant messaging application for Android operating systems is related to errors in processing special authentication requests. Exploiting this vulnerability could allow a hacker to bypass screen lock mechanisms and gain access to protected information...

5.3 CVSS · 6.2 AI score · 0.01968 EPSS
Exploits 2 · References 2 · Affected Software 1

Positive Technologies
added 2019/01/10 12:00 a.m. · 5 views

PT-2019-1372 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center affected versions not specified Description: The issue is related to errors in resource management in the Shell Access Filter feature of Cisco Firepower Management Center. It could allow a remote attacker to...

7.5 CVSS · 7.4 AI score · 0.03066 EPSS
Exploits 0 · References 4

CNVD
added 2019/01/09 12:00 a.m. · 2 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2019-16181)

Microsoft Windows 10 and others are products of Microsoft Corporation USA. Microsoft Windows 10 is an operating system for personal computers; Windows Server 2016 is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows that stems from a program's failure t...

7.8 CVSS · 8.1 AI score · 0.04718 EPSS
Exploits 2 · References 1

Microsoft CVE
added 2019/01/08 8:00 a.m. · 37 views

Skype for Android Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Skype for Android fails to properly handle specific authentication requests. An attacker who successfully exploited this vulnerability could bypass Android's lockscreen and access a victim's personal information. To exploit the vulnerability, an...

4.6 CVSS · 2.4 AI score · 0.01968 EPSS
Exploits 2

Positive Technologies
added 2019/01/08 12:00 a.m. · 5 views

PT-2019-1167 · Microsoft · Skype

Name of the Vulnerable Software and Affected Versions: Skype versions 8.35 Description: The issue is related to errors in handling specific authentication requests, which can allow an attacker to bypass screen lock and access protected information. This is an elevation of privilege issue that...

4.9 CVSS · 5.2 AI score · 0.01968 EPSS
Exploits 2 · References 6

Positive Technologies
added 2019/01/08 12:00 a.m. · 2 views

PT-2019-1122

Name of the Vulnerable Software and Affected Versions: Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers Description: An elevation of privilege issue exis...

7.8 CVSS · 7.1 AI score · 0.04718 EPSS
Exploits 2 · References 15

Packet Storm
added 2018/10/23 12:00 a.m. · 95 views

Microsoft Active Directory Federated Services (ADFS) User Enumeration

Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ADFS-Timing-Attack Vendor: http://www.microsoft.com Product: Active...

7.4 AI score
Exploits 0

CNVD
added 2018/08/21 12:00 a.m. · 65 views

OpenSSH User Enumeration Vulnerability (CNVD-2018-20960)

OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...

5.3 CVSS · 6.9 AI score · 0.98631 EPSS
Exploits 23 · References 1