The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to incorrect authentication procedures, allows attackers to compromise data integrity and cause service failures.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to incorrect configuration of access rights for previously deleted users. Exploiting this vulnerability allows a malicious actor to compromise data integrity and cause service interruption...

The vulnerability of microprogrammed software in APC Smart-UPS power supply models of the SMT, SMC, SMTL, SCL, SMX series is related to errors during the authentication process. This allows a perpetrator to execute arbitrary code.

The vulnerability of microprogrammed software in APC Smart-UPS power supplies of the SMT, SMC, SMTL, SCL, and SMX series is related to errors during the authentication process. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...

The vulnerability of the FortiMail email security system, related to errors during authentication procedures, allows attackers to obtain the authentication token of the administrative account.

The vulnerability of the FortiMail email security system is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor to obtain the authentication token of the administrative account...

TP-LINK TL-WR940N 访问控制错误漏洞

The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. An access control error vulnerability exists in TP-Link TL-WR940N version 3.20.1 Build 200316 Rel.34392n, which stems from incorrect authentication...

QNAP File 授权问题漏洞

QNAP Qfile is a free companion application to QNAP NAS from China Weilian Technology QNAP that allows you to browse and manage files on your NAS using your iPhone or iPad. QNAP Qfile suffers from an authorization issue vulnerability that originates from an error when processing authentication...

CVE-2021-43931

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error...

Distributed Data Systems WebHmi Authorization Issues Vulnerability

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...

Vulnerability of operating systems iOS, macOS, iPadOS, watchOS, and tvOS, caused by a logical error during authentication procedures, allowing attackers to trigger a service denial

The vulnerability of operating systems such as iOS, macOS, iPadOS, watchOS, and tvOS arises due to a logical error during the authentication process. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Samsung Pass Access Authentication Error Vulnerability (CNVD-2025-02720)

Samsung Pass is a secure and easy way to log in to websites and applications on your cell phone using biometrics from Samsung South Korea. An Access Authentication Error vulnerability exists in versions prior to Samsung Pass 3.0.02.4, which stems from a lack of proper authentication logic in...

The vulnerability of the QEMU hardware emulation software lies in the lack of a necessary encryption step, which allows attackers to gain access to confidential data.

The vulnerability of the QEMU hardware emulation software is related to a implementation error in the handling of pointer authentication. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

The vulnerability of the rhttpproxy service, a management tool for virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, allows attackers to circumvent existing security restrictions.

The vulnerability of the rhttpproxy service in the vmware vcenterserver software is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...

CVE-2021-42054

ACCEL-PPP 1.12.0 has an out-of-bounds read in tritoncontextschedule if the client exits after authentication...

The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language arises from information leaks due to temporal discrepancies. This allows attackers to gain access to confidential data.

The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language is related to an error that occurs when basic authentication using basicauthprotocolfactorycredentials=... is enabled. Exploiting this vulnerability can allow a remote attacker to gain access...

CVE-2021-41580

The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants...

Trend Micro ServerProtect Authorization Issues Vulnerability

Trend Micro ServerProtect is an enterprise-grade anti-virus program from Trend Micro, Inc. It is used to protect network-connected storage systems and block threats at the source. Trend Micro ServerProtect suffers from an authorization problem vulnerability that originates from an error in the...

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to authentication errors, allows a perpetrator to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity remotely...

Siemens SIPROTEC 5输入验证错误漏洞

Siemens SIPROTEC 5 is a multifunction relay from Siemens, Germany. Siemens SIPROTEC 5 suffers from an Input Authentication Error vulnerability that arises from incoming webpackets that are not handled correctly. An unauthenticated, remote attacker with access to any Ethernet interface could explo...

Actions ATS2815输入验证错误漏洞

The Actions ATS2815 is a Bluetooth chip from Actions. The Actions ATS2815 suffers from an Input Authentication Error vulnerability that stems from the Bluetooth Classic implementation on the Actions ATS2815 and ATS2819 chipsets failing to correctly handle the receipt of LMPhostconnectionreq...

mod_auth_openidc 输入输入验证错误漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server, used as an OpenID Connect dependency to authenticate users according to the OpenID Connect provider. modauthopenidc is an authentication/authorization module for the Apache 2.x...

The vulnerability in the web interface for managing microprogrammed software on Cisco Small Business 220 Series Smart Switches allows a attacker to execute arbitrary commands.

The vulnerability in the web interface for managing microprogrammed software on Cisco Small Business 220 Series Smart Switches is related to authentication errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...