147 matches found
CVE-2021-32729 A user without PR can reset user authentication failures information
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script right...
Authentication Bypass
openldap is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP...
openSUSE Security Update : mailman (openSUSE-2019-495)
This update for mailman to version 2.1.27 fixes the following issues : This security issue was fixed : - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed : - The hash generated when...
CVE-2017-2659
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...
openssl: Carry propagating bug in Montgomery multiplication
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...
openSUSE: Security Advisory for mailman (openSUSE-SU-2018:1858-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for mailman (moderate)
This update for mailman to version 2.1.27 fixes the following issues: This security issue was fixed: - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed: - The hash generated when...
Target Credential Issues by Authentication Protocol - No Issues Found
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...
Lenovo System x-Series and IBM System x-Series Denial of Service Vulnerabilities
Lenovo System x is a server from Lenovo in China.IBM System x is a server from IBM in the United States. A security vulnerability exists in the Lenovo System x series prior to version 4.4 and the IBM System x series prior to version 6.4. An attacker could exploit this vulnerability to cause a...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
CVE-2017-3768
CVE-2017-3768 affects IBM IMM2 (System x, Flex, BladeCenter) and Lenovo System x variants. A remote, unprivileged attacker with CIM connectivity can flood IMM2 with authentication failures, exhausting memory and causing the device to reboot. Affected versions are Lenovo System x (pre-4.4) and IBM...
CVE-2017-3768
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...
AWS Auditing & Hardening Tool: Zeus
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...
Users get multiple OTP Push Notifications, Radius servers see multiple Auth requests & Auth Failures
Users will receive authentication denials, may receive multiple Push Notifications, Radius servers will log multiple simultaneous authentication requests for the same user with different Radius IDs, or user One Time Password tokens will become locked out. If you review traces, you will see multip...
Ubuntu 14.04 LTS : OpenSSH regression (USN-2710-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2710-2 advisory. USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...
Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64
It was discovered that the Cyrus SASL library cyrus-sasl does not always reliably terminate output from the saslencode64 function used by programs using this library. The Cyrus IMAP server cyrus-imapd relied on this function's output being properly terminated. Under certain conditions, improperly...
CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...