424 matches found
CVE-2019-3889
A reflected XSS vulnerability exists in the authentication flow of the OpenShift Container Platform. An attacker could use this flaw to steal authentication data by having users click a malicious link...
The vulnerability of the RTU module’s microprogramming software, Modicon BMXNOR0200H, arises from the presence of embedded authentication data. This allows a hacker to gain access to the FTP service.
The vulnerability of the RTU module’s microprogramming software, Modicon BMXNOR0200H, is related to the presence of embedded authentication data. Exploiting this vulnerability could allow a malicious actor to gain access to the FTP service remotely...
CVE-2019-10160
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL...
Important: python34
Issue Overview: Python is affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlpars...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name, specifically the netloc component of URL - user@domain:port bei...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name, specifically the netloc component of URL - user@domain:port bei...
Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
The vulnerability of the Symfony software platform for developing and managing web applications lies in errors in processing user authentication data, allowing attackers to bypass the authentication process.
The vulnerability of the Symfony software platform for developing and managing web applications is related to errors in processing user authentication data. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures by using the user’s existing username and an empt...
Core: information disclosure due to authentication information exposed in a redirect
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...
CVE-2018-15752
An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring...
Trojan watch
We continue to research how the proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned our attention to wearable devices:...
The vulnerability of Sonatype Nexus Repository Manager, related to the use of cryptographic algorithms containing defects, allows a perpetrator to gain access to authentication data.
The vulnerability of Sonatype Nexus Repository Manager is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user authentication data and other sensitive information...
Ubuntu 14.04 LTS / 16.04 LTS : curl vulnerabilities (USN-3554-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3554-1 advisory. It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get...
USN-3554-1 curl vulnerabilities
It was discovered that curl incorrectly handled certain data. An attacker could possibly use this to cause a denial of service or even to get access to sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that curl could accidentally leak authentication...
[ASA-201801-25] lib32-libcurl-gnutls: multiple issues
Arch Linux Security Advisory ASA-201801-25. Severity: Medium; Date: 2018-01-29; CVE-ID: CVE-2018-1000005, CVE-2018-1000007; Package: lib32-libcurl-gnutls; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-597. Summary: The...
[ASA-201801-22] lib32-curl: multiple issues
Arch Linux Security Advisory ASA-201801-22. Severity: Medium; Date: 2018-01-29; CVE-ID: CVE-2018-1000005, CVE-2018-1000007; Package: lib32-curl; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-594. Summary: The package...
FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583)
The cURL project reports : libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X...
SUSE-SU-2018:0217-1 Security update for curl
This update for curl fixes one issue. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects bsc1077001...
SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2018:0217-1)
This update for curl fixes one issue. This security issue was fixed: - CVE-2018-1000007: Prevent leaking authentication data to third parties when following redirects bsc1077001 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...