424 matches found
Potential leak of authentication data to 3rd parties
Impact Users of typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: 1. Send any request with BasicCredentialHandler, BearerCredentialHandler or PersonalAccessTokenCredentialHandler 2. The target...
CVE-2023-30846
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...
CVE-2023-30846 typed-rest-client vulnerable to potential leak of authentication data to 3rd parties
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with...
Microsoft typed-rest-client security vulnerability
Microsoft typed-rest-client is a typed REST and HTTP client with TypeScript types from Microsoft Corporation USA. A security vulnerability exists in Microsoft typed-rest-client version 1.7.3 and prior versions, which originates from the disclosure of user authentication data...
PT-2023-23001 · Unknown · Typed-Rest-Client
Name of the Vulnerable Software and Affected Versions: typed-rest-client versions 1.7.3 and earlier Description: The typed-rest-client library is vulnerable to leaking authentication data to third parties. This occurs when a request is sent with BasicCredentialHandler, BearerCredentialHandler, or...
PT-2023-2992 · Satrlt.Os · Satrlt.Os
Name of the Vulnerable Software and Affected Versions: SatRLT.OS versions affected versions not specified Description: The issue is related to unprotected transmission of authentication data in the SatRLT.OS software for "Сателлит-А" programmable logic controllers. This could allow a remote...
The vulnerability of the log files of user operations in the Apex-VUZ automation system allows a perpetrator to gain access to authentication information.
The vulnerability of the logs of user operations in the Apex-VUZ automation system is related to the storage of passwords in an open format. Exploiting this vulnerability can allow a malicious actor to gain access to authentication information...
SUSE CVE-2010-1322
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive...
SUSE CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...
SUSE CVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...
SUSE CVE-2015-1843
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position...
SUSE CVE-2016-4953
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time...
SUSE CVE-2016-10351
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations...
SUSE CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...
SUSE CVE-2018-8292
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...
SUSE CVE-2019-13045
Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server...
SUSE CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...
UBUNTU-CVE-2023-22332
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3....
PT-2022-6073 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix ADC formerly Citrix NetScaler Application Delivery Controller versions affected versions not specified Citrix Gateway formerly Citrix NetScaler Gateway versions affected versions not specified Description: The issue is related to...