Lucene search

265 matches found

BDU FSTEC
added 2022/07/29 12:0 a.m., 3 views

The vulnerability of the Samba network file system, related to errors during authentication procedures, allows a perpetrator to change the password of an arbitrary user and gain full access to that user’s account.

The vulnerability of the Samba network file system is related to errors during authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to alter the password of an arbitrary user and gain full access to the account...

CVSS 9, AI score 6.6, EPSS 0.00956
Exploits 0, References 15, Affected Software 9
BDU FSTEC
added 2022/07/27 12:0 a.m., 5 views

The vulnerability of the web server of the cross-platform solution for managing mobile devices by FileWave, related to errors during authentication procedures, allows a hacker to gain full access to the platform.

The vulnerability of the FileWave cross-platform server for managing mobile devices is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the platform...

CVSS 10, AI score 8, EPSS 0.15824
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2022/07/25 12:0 a.m., 3 views

PT-2022-3853 · Filewave · Filewave

Name of the Vulnerable Software and Affected Versions: FileWave versions prior to 14.6.3; FileWave versions 14.7.x prior to 14.7.2. Description: The issue is related to errors during the authentication procedure in the FileWave platform, which is a cross-platform solution for mobile device...

CVSS 9.8, AI score 9.6, EPSS 0.15824
Exploits 1, References 10
BDU FSTEC
added 2022/07/08 12:0 a.m., 6 views

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...

CVSS 7.4, AI score 6.5, EPSS 0.00976
Exploits 0, References 2, Affected Software 2
Positive Technologies
added 2022/06/30 12:0 a.m., 5 views

PT-2022-3284 · Ping Identity · Pingid Windows Login

Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.8. Description: The issue is related to errors in authentication of the connection with a local Java service used to capture security key requests. An attacker with the ability to execute code on the...

CVSS 7.2, AI score 6.5, EPSS 0.00284
Exploits 0, References 6
BDU FSTEC
added 2022/06/29 12:0 a.m., 3 views

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, related to authentication process errors, allows unauthorized access by attackers to protected information.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to authentication process errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...

CVSS 9.7, AI score 7.7, EPSS 0.00916
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2022/06/29 12:0 a.m., 5 views

The vulnerability of the Guzzle client HTTP library, a PHP programming language interpreter, related to authentication errors, allows attackers to disclose sensitive information that is protected.

The vulnerability of the Guzzle client HTTP library, a programming language interpreter for PHP, is related to authentication errors. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the library...

CVSS 7.8, AI score 7.1, EPSS 0.0182
Exploits 0, References 8, Affected Software 4
Positive Technologies
added 2022/06/14 12:0 a.m., 4 views

PT-2022-2950 · Spacelogic +1 · Spacelogic C-Bus Application Controller +3

Name of the Vulnerable Software and Affected Versions: C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0; Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0; Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0; Clipsal...

CVSS 10, AI score 9.6, EPSS 0.00781
Exploits 0, References 6
BDU FSTEC
added 2022/05/20 12:0 a.m., 5 views

The vulnerability of the microprogrammed software of the Surface Pro 3 touchscreen display, related to authentication errors, allows an intruder to circumvent existing security restrictions.

The vulnerability of the microprogrammed sensor display software in the Surface Pro 3 is related to authentication errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

CVSS 6.1, AI score 6.2, EPSS 0.00733
Exploits 0, References 3
BDU FSTEC
added 2022/05/18 12:0 a.m., 6 views

The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.

The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...

CVSS 10, AI score 7.4, EPSS 0.01729
Exploits 0, References 4
BDU FSTEC
added 2022/04/28 12:0 a.m., 4 views

The vulnerability of the Adobe Experience Manager content and media data management system, related to errors in authentication procedures, allows a perpetrator to trigger a service failure.

The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.8, AI score 7.2, EPSS 0.01335
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2022/04/20 12:0 a.m., 6 views

The vulnerability of the Atlassian Confluence Server web server, related to authentication errors, allows a hacker to read arbitrary files.

The vulnerability of the Atlassian Confluence Server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files...

CVSS 5.3, AI score 6, EPSS 0.99937
Exploits 6, References 5, Affected Software 1
BDU FSTEC
added 2022/04/15 12:0 a.m., 5 views

The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems allows a hacker to execute arbitrary code or commands.

The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems is related to authentication errors. Exploiting this vulnerability allows a perpetrator to execute unauthorized code or commands using certain console command sequences like “print str” and “cmd...

CVSS 6.2, AI score 6.5, EPSS 0.0025
Exploits 0, References 5, Affected Software 1
BDU FSTEC
added 2022/04/05 12:0 a.m., 5 views

The vulnerability of the net/http/httputil component in the Golang programming language allows an attacker to compromise data integrity.

The vulnerability of the net/http/httputil component in the Golang programming language is related to authentication errors. Exploiting this vulnerability allows an attacker to compromise data integrity...

CVSS 5.3, AI score 6.5, EPSS 0.0226
Exploits 1, References 8, Affected Software 3
BDU FSTEC
added 2022/03/23 12:0 a.m., 6 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to authentication errors, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Magento Commerce development and management software platform is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 6.8, AI score 6.5, EPSS 0.01802
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2022/03/16 12:0 a.m., 4 views

The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows attackers to bypass security functions and gain unauthorized access to protected information.

The vulnerability of the integration component of the Magento Commerce software development and management platform is related to authentication errors. Exploiting this vulnerability allows an attacker to bypass security functions and gain unauthorized access to protected information...

CVSS 9.1, AI score 7.3, EPSS 0.02478
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2022/02/22 12:0 a.m., 5 views

The vulnerability of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to execute arbitrary code with root privileges.

The vulnerability of the Zabbix universal monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges...

CVSS 7.2, AI score 7.6, EPSS 0.04036
Exploits 1, References 4, Affected Software 2
Github Security Blog
added 2022/02/15 1:57 a.m., 17 views

flynn/noise has improper nonce handling yielding potential state DoS

The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow. If 2^64 (~18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing...

AI score 7.3
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2022/02/10 12:0 a.m., 5 views

The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system allows a hacker to perform a system shutdown.

The vulnerability of the Windows Extensible Firmware Interface in the operating system Windows is related to authentication errors when accessing files in the EFI partition. Exploiting this vulnerability can allow an attacker to perform a denial-of-service attack...

CVSS 5.5, AI score 6.3, EPSS 0.0143
Exploits 0, References 4
Positive Technologies
added 2022/01/17 12:0 a.m., 3 views

PT-2022-4183 · Hewlett Packard · Hpe Oneview

Name of the Vulnerable Software and Affected Versions: HPE OneView versions prior to 6.6. Description: The issue is related to authentication errors in the HPE OneView IT infrastructure management system. Exploitation of this issue may allow an attacker to gain unauthorized access to protected...

CVSS 5.5, AI score 5.3, EPSS 0.00277
Exploits 0, References 8