158 matches found
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...
CVE-2024-29450
The published details in PT-2024-22907 indicate a vulnerability affecting ROS2 Humble Hawksbill versions 2, located in the permission and access control components. The issue could allow an attacker to execute arbitrary code, cause a denial of service, escalate privileges, and obtain sensitive in...
PT-2024-22907 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Humble Hawksbill versions 2. Description: An issue in the permission and access control components allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the...
CVE-2023-4094
ARCONTE Aurea Arconte Áurea 1.5.0.0 has a weak authentication vulnerability that lets an attacker issue false login attempts to block legitimate accounts and cause a denial of service. A separate resource indicates a method to circumvent the login attempt limit. Public documents identify the affe...
The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, due to the lack of data encryption measures, allows a perpetrator to gain access to confidential information.
The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to the lack of data encryption measures. Exploiting this vulnerability could allow an attacker to gain access to...
CVE-2023-34240
Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong...
Security Bulletin: OpenSSL vulnerability in Lenovo SAN Volume Controller and Storwize Family (CVE-2014-0224)
Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Security vulnerability in OpenSSL Vulnerability Details --- CVEID: CVE-2014-0224 DESCRIPTION : SSL/TLS MITM vulnerability An...
Cloudflare Public Bug Bounty: 2FA BYPASS
A vulnerability in Cloudflare's Dashboard allowed for the retrieval of recovery codes without completing the authentication process. The issue was resolved by disallowing requests to the vulnerable API endpoint until users were fully authenticated...
krb5 security update
An update is available for krb5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Kerberos is a network authentication system, which can improve the security of...
Fedora: Security Advisory for krb5 (FEDORA-2022-a1747aca80)
The remote host is missing an update for the...
CVE-2022-33178
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch...
CVE-2022-33178. A vulnerability in the radius authentication system could allow arbitrary code execution.
A vulnerability in the radius authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch. Due to improper input validation, the privileged attacker could provide a script as Brocade-Auth-Role parameter that...
CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2022-32275
A flaw was found in grafana. This vulnerability occurs when the traversal path is explored, and the authentication system redirects to an internal system page that authenticated users should only access...
Fedora: Security Advisory for krb5 (FEDORA-2021-f2c8514f02)
The remote host is missing an update for the...
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
CVE-2021-29452 Any logged in user could edit any other logged in user.
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
CVE-2021-29452
CVE-2021-29452 : A flawed privilege check in the a12n-server HAL-Form for editing users (v0.18.0) allowed any logged-in user to edit other users. Patched in v0.18.2. Multiple connected advisories corroborate insecure access controls affecting all users of the package; remediation is upgrade to th...
npm a12n-server Security Vulnerability
npm a12n-server is an application from the American company npm. It provides a simple authentication system. A security vulnerability exists in a12n-server that allows any logged in user to make changes...
MK-AUTH Cross-Site Scripting Vulnerability
MK-AUTH is an access control system developed by Pedro Filho, an individual developer in Brazil. A cross-site scripting vulnerability exists in MK-AUTH through version 19.01 K4.9, which originates in the tipo parameter of the admin log ajax.php. An attacker can exploit the vulnerability to read t...