296 matches found
Incorrect Access Control
oqtane.framework is vulnerable to Incorrect Access Control. The vulnerability is due to relying on client-side information for authentication and the absence of server-side validation, which allows attackers to manipulate parameters like entityid and bypass security controls...
Cisco Modeling Labs Security Vulnerability
Cisco Modeling Labs is a local network simulation tool from Cisco, Inc. that runs on workstations and servers. A security vulnerability exists in Cisco Modeling Labs that stems from the improper handling of certain messages returned by the associated external authentication...
CVE-2024-8534
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway VPN Vserver with RDP Feature enabled OR the appliance must be configured as a Gateway VPN Vserver and RDP Proxy Server Profile is created an...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details: CVEID: CVE-2024-21094. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...
CVE-2024-20280
CVE-2024-20280 affects the backup feature of Cisco UCS Central Software. The root cause is a weakness in the encryption method, which uses a static key for backup configuration, allowing an attacker with access to a backup file to learn sensitive information stored in full state and configuration backups. Aff...
PT-2024-7336 · Cisco · Cisco Ucs Central
Name of the Vulnerable Software and Affected Versions: Cisco UCS Central Software (affected versions not specified). Description: A weakness in the encryption method used for the backup function in Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive...
CVE-2024-47768
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-47768 Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacke...
CVE-2024-47768
CVE-2024-47768 affects Lif Authentication Server (Lif). The vulnerability lies in the account recovery flow where there is no check to verify that the user has received the recovery email or entered the correct code. An attacker who knows the target’s email can supply the email and trigger a pass...
PT-2024-32806 · Unknown · Lif Authentication Server
Name of the Vulnerable Software and Affected Versions: Lif Authentication Server versions prior to 1.7.3. Description: The issue is related to the account recovery system of the Lif Authentication Server, where there is no check to ensure the user has received the recovery email and entered the...
Lif Authentication Server Authorization Issue Vulnerability
Lif Authentication Server is a Lif Platforms open source server for authenticating Lif account logins, administrative information, and account recovery. An authorization issue vulnerability exists in Lif Authentication Server version 1.7.2 and prior versions that stems from a failure to check to...
Cisco IOS XE Software Security Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...
CVE-2024-46937
An improper access control IDOR vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server SAS 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. This is a brute-force attack on the...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.10 for OpenShift image enhancement update
A new image is available for Red Hat Single Sign-On 7.6.10, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. This is a security update with Moderate impact rating. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift...
CVE-2024-38368
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
CVE-2024-38368
CVE-2024-38368 concerns a vulnerability in the CocoaPods trunk authentication server where unclaimed pods could be claimed or where all owners could be removed, enabling takeover of pods migrated from the pre-2014 workflow to trunk. The issue stems from how ownership was managed on CocoaPods’ trunk server...