74 matches found
CVE-2021-41275
spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...
CVE-2025-20152
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker...
UBUNTU-CVE-2025-24814
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...
CVE-2024-46943
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...
CVE-2024-39924
An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate...
Fedora: Security Advisory (FEDORA-2024-1d1b485611)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 9 : ipa (RHSA-2024:3757)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...
Moderate: Red Hat Security Advisory: idm:DL1 and idm:client security update
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...
CVE-2023-51141
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component...
PT-2024-5329 · Apache · Rocketmq
Name of the Vulnerable Software and Affected Versions: RocketMQ versions 5.2.0 and below Description: The issue is related to insufficient protection of service data in the RocketMQ messaging platform. This could allow a remote attacker to gain unauthorized access to protected information. Under...
CVE-2023-45140 Group-based JIT MFA bypass on scp and sftp in The Bastion
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...
Ubuntu 16.04 ESM : Apache ZooKeeper vulnerabilities (USN-4789-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4789-1 advisory. It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or oth...
VulnCheck KEV: CVE-2023-4966
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...
The vulnerability of the Authentication, Authorization, and Accounting (AAA) function, as well as the SCP function of Cisco IOS and Cisco IOS XE operating systems, allows attackers to circumvent security restrictions and obtain or modify the configuration of vulnerable devices.
The vulnerability of the Authentication, Authorization, and Accounting AAA function and the SCP function of Cisco IOS and Cisco IOS XE operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and obta...
The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.
The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...
CVE-2023-29056
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined...
Application Security vs. API Security: What is the difference?
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs Application Programming Interfaces. With that said, application security and API security are two critical components of a...
The vulnerability of Cisco IOS XE’s operating system in authentication, authorization, and accounting services allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of Cisco IOS XE’s authentication, authorization, and accounting AAA services arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...
PT-2022-27691 · Unknown · Opendaylight
Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteRole function in RoleStore.java is affected when using the API interface /auth/v1/roles/. Recommendations:...