33 matches found
CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
DEBIAN-CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
UBUNTU-CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
PT-2019-15720 · Cyrus +5 · Cyrus Imap +5
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.13 Cyrus IMAP versions 3.x through 3.0.11 Description: The issue allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that...
Authentication flaw
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
UBUNTU-CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...
OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...
OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...
MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow
Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...