Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is...
Debian DLA-2239-1 : libpam-tacplus security update
It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs. For Debian 8 'Jessie', this issue has been fixed in libpam-tacplus version...
[SECURITY] [DLA 2239-1] libpam-tacplus security update
Package: libpam-tacplus; Version: 1.3.8-2+deb8u1; CVE ID: CVE-2020-13881. It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs. For...
CVE-2020-13805
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures...
Moderate: Red Hat Security Advisory: mod_auth_mellon security and bug fix update
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
UBUNTU-CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrary web script or HTML via the (1) service...
FAS | Users unable to launch published application/ Desktop
Users are unable to launch published applications from a FAS-enabled store. When trying to launch a published application, the Receiver window displays the message "negotiating connection parameters" and then disappears without launching the application. Error Message in the Event Viewer...
Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2019-1644)
The remote host is missing an update for the Huawei EulerOS...
munge elevation of privilege vulnerability
munge is an authentication service for creating and verifying credentials. An elevation of privilege vulnerability exists in munge that can be exploited by an attacker to elevate privileges to root...
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...
Information disclosure
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...
PT-2019-4873 · Openldap +8 · Openldap +8
Name of the Vulnerable Software and Affected Versions: cyrus-sasl version 2.1.27 Description: The issue is related to an out-of-bounds write that can cause an unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. This is ultimately caused by an off-by-one error in the...
PT-2019-12221 · Cloud Foundry · Cloud Foundry Uaa
Name of the Vulnerable Software and Affected Versions: Cloud Foundry UAA versions prior to 74.0.0 Description: The issue allows a remote unauthenticated malicious attacker to craft a URL that contains a SCIM filter with malicious JavaScript. This JavaScript may be executed by older browsers,...
Cloud Foundry UAA Authorization Issues Vulnerability
Cloud Foundry UAA is an authentication and managed service endpoint for the CloudFoundry Cloud Platform. An authorization issue vulnerability exists in Cloud Foundry UAA versions prior to v70.0. An attacker could exploit this vulnerability to impersonate another user by changing their address to...
EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-1644)
According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be...
Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users...
Design/Logic Flaw
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...
CVE-2019-10691
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username...