Apache Superset Security Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An authorization issue vulnerability exists in Apache Superset versions prior to 2.1.2 that stems from the presence of incorrect authorization checks. An attacker could exploit this vulnerability...
The vulnerability of the SerializationTypeConverter class in the Microsoft Exchange Server mail server allows attackers to perform spoofing attacks.
The vulnerability of the SerializationTypeConverter class in Microsoft Exchange Server lies in the deserialization mechanism’s flaws, resulting from insufficient protection of service data during NTLM authentication. Exploiting this vulnerability allows an attacker to perform spoofing attacks...
CVE-2023-20886
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user...
Exim Security Vulnerabilities
Exim is an open source mail transfer agent (MTA) running on Unix systems that routes, forwards, and delivers mail. A security vulnerability exists in Exim that stems from Exim incorrectly processing user-supplied authentication data, resulting in memory corruption...
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
The Computer Emergency Response Team of Ukraine CERT-UA has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs o...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...
Information Leak
The MongoDB Driver is vulnerable to Information Leak. The vulnerability is due to the MongoDB Drivers erroneously publishing events containing authentication-related data to a command listener configured by an application. An attacker can get hold of this sensitive information when he accesses it...
GHSA-VXVM-QWW3-2FH7 MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
Information Exposure
Overview: mongodb/mongo-swift-driver is the official MongoDB driver for Swift. Affected versions of this package are vulnerable to Information Exposure via the command listener feature. When it is enabled (not the default setting), some drivers may inadvertently publish events containing sensitive...
UBUNTU-CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may...
PT-2023-4650 · Mongodb +2 · Mongodb Node.Js Driver +5
Name of the Vulnerable Software and Affected Versions: MongoDB C Driver versions 1.0.0 through 1.17.7 MongoDB PHP Driver versions 1.0.0 through 1.9.2 MongoDB Swift Driver versions 1.0.0 through 1.1.1 MongoDB Node.js Driver 3.6 versions 3.6 through 3.6.10 MongoDB Node.js Driver 4.0 versions 4.0...
The vulnerability of the aws-sigv4 library for collecting, processing, and transmitting metrics allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the aws-sigv4 library, which is responsible for collecting, processing, and transmitting metrics related to Vector, stems from insufficient protection of registration data during the processing of the awssigv4::SigningParams structure. Exploiting this vulnerability can allow...
Apache Pulsar Broker Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...
CVE-2023-34339
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
Authentication flaw
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message...
PT-2023-3739 · Advantech · Advantech Webaccess
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 8.4.5 Description: The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file,...
The vulnerability of the built-in software of the ARIS controller lies in the insufficient protection of operational data, allowing attackers to obtain user authentication credentials.
The vulnerability of the ARIS controller’s built-in software is related to insufficient protection of authentication data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user authentication data from the web interface...
Planet SDK for Python Security Vulnerability
Planet SDK for Python is an open source application from Planet Labs. A Python API and a command line interface (CLI) are provided to use the Planet API. A security vulnerability exists in Planet SDK for Python versions prior to 2.0.1, which stems from a vulnerability that allows unauthorized users...
Information Disclosure
typed-rest-client is vulnerable to Information Disclosure. The vulnerability exists because the library does not disable the authentications on redirections, which allows an attacker to send a malicious request with BasicCredentialHandler, BearerCredentialHandler, or...