
74 matches found

ATTACKERKB
added 2022/06/09 1:26 p.m. · 0 views

CVE-2022-27889

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations...

CVSS 9.1 · AI score 7.2 · EPSS 0.00878
Exploits 0 · References 2
OSV
added 2022/05/13 1:33 a.m. · 36 views

GHSA-M2FV-3RQM-G7P5 Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider. Mitigation: If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expectin...

CVSS 8.1 · AI score 7.9 · EPSS 0.01324
Exploits 0 · References 4
Veracode
added 2022/04/19 9:42 a.m. · 28 views

Privilege Escalation

github.com/fleetdm/fleet is vulnerable to privilege escalation. Premium users with access to the team features are subject to a post-authentication authorization flaw leading to insecure access control. This vulnerability does not affect fleet instances without teams, or with teams but without restricted...

CVSS 8.1 · AI score 5 · EPSS 0.00791
Exploits 0 · References 2 · Affected Software 1
Fedora
added 2021/11/19 1:16 a.m. · 60 views

[SECURITY] Fedora 35 Update: freeipa-4.9.7-4.fc35

IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...

CVSS 9 · AI score 7.5 · EPSS 0.01984
Exploits 0
CNNVD
added 2021/11/10 12:00 a.m. · 4 views

Citrix Systems Application Delivery Management Resource Management Error Vulnerability

Citrix Systems Application Delivery Management (ADM) is an application delivery management system from Citrix Systems. The system provides features such as centralized network and application management. A resource management error vulnerability exists in Citrix Systems Application Delivery...

CVSS 7.5 · AI score 7.6 · EPSS 0.0089
Exploits 0 · References 3
0day.today
added 2021/06/02 12:00 a.m. · 61 views

Products.PluggableAuthService 2.6.0 - Open Redirect Vulnerability

Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect Exploit Author: Piyush Patil Affected Component: Pluggable Zope authentication/authorization framework Component Link: https://pypi.org/project/Products.PluggableAuthService/ Version: =2.6.1"...

CVSS 6.1 · AI score 6 · EPSS 0.08443
Exploits 4
OSV
added 2021/03/08 9:15 p.m. · 25 views

PYSEC-2021-44

Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this...

CVSS 6.5 · AI score 2.3 · EPSS 0.01505
Exploits 0 · References 3
Debian CVE
added 2020/10/13 6:28 p.m. · 21 views

CVE-2020-13957

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous which could be used for remote code execution to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...

CVSS 9.8 · AI score 9.6 · EPSS 0.78874
Exploits 1
Cvelist
added 2020/02/24 6:16 p.m. · 17 views

CVE-2018-14705 Lack of Authentication/Authorization on Administrative Web Pages

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these...

AI score 9.4 · EPSS 0.01853
Exploits 0 · References 2
Positive Technologies
added 2020/02/23 12:00 a.m. · 5 views

PT-2020-20607 · Isomorphic · Smartclient

Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0 Description: An issue was discovered in the Remote Procedure Call (RPC) loadFile provided by the console functionality. The issue affects the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL, where...

CVSS 7.5 · AI score 7.3 · EPSS 0.01508
Exploits 1 · References 5
OpenVAS
added 2020/01/09 12:00 a.m. · 25 views

Fedora Update for freeipa FEDORA-2019-c64e1612f5

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.7
Exploits 0 · References 2
NVD
added 2019/10/31 10:15 p.m. · 17 views

CVE-2019-16906

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no...

CVSS 7.5 · AI score 7.5 · EPSS 0.02051
Exploits 1 · References 2
Packet Storm
added 2019/10/28 12:00 a.m. · 246 views

Infosysta Jira 1.6.13_J8 Project List Authentication Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-042 Product: In-App & Desktop Notification for Jira Manufacturer: Infosysta Affected Versions: 1.6.13J8 Tested Versions: 1.6.13J8 Vulnerability Type: Authentication/Authorization Bypass Risk Level: Medium Solution Status: Clos...

AI score 0.1 · EPSS 0.0155
Exploits 3
CNVD
added 2018/06/07 12:00 a.m. · 2 views

Cisco IOS XE Software Buffer Overflow Vulnerability

Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A buffer overflow vulnerability exists in the Authentication, Authorization, and Accounting (AAA) security service in Cisco IOS XE Software Fuji version 16.7.1 and Fuji version 16.8.1, which originates from a...

CVSS 9.8 · AI score 8.1 · EPSS 0.08074
Exploits 0 · References 1
Hacker One
added 2018/03/30 3:29 p.m. · 39 views

Ubiquiti Inc.: 3x Reflected XSS vectors for services.cgi (XM.v6.1.6, build 32290)

There are certain end-points containing functionalities that are vulnerable to reflected cross-site scripting (XSS), allowing attackers to abuse the user's session information and/or account takeover of the admin user. Authenticated users can be persuaded to visit malicious web pages, which allows...

CVSS 4.3 · AI score 1.4 · EPSS 0.0102
Exploits 0
exploitpack
added 2018/03/13 12:00 a.m. · 49 views

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities

SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501...

CVSS 6.4 · AI score 0.3 · EPSS 0.14717
Exploits 10
RedhatCVE
added 2018/01/25 4:50 p.m. · 34 views

CVE-2018-1051

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider. Mitigation: If the YamlProvider is enabled it's recommended to add authentication, and authorization to the endpoint expecting...

CVSS 8.1 · AI score 7.8 · EPSS 0.06179
Exploits 0 · References 1
OpenVAS
added 2017/08/04 12:00 a.m. · 29 views

RedHat Update for freeradius RHSA-2017:2389-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.9 · EPSS 0.18318
Exploits 0 · References 2
OSV
added 2017/04/02 8:59 p.m. · 4 views

CVE-2016-2404

Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00789
Exploits 0 · References 1
CVE
added 2017/04/02 8:00 p.m. · 53 views

CVE-2016-2404

The CVE-2016-2404 issue affects Huawei switches S5700/S6700/S7700/S9700 (software versions V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00) and S12700 (V200R005C00SPC500, V200R006C00) and ACU2 (V200R005C00SPC500, V200R006C00). Root cause: a permission contr...

CVSS 7.5 · AI score 7.5 · EPSS 0.00789
Exploits 0 · References 1 · Affected Software 1