Siemens (CVE-2022-34820) (deprecated)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions, SIMATIC CP 1243-1 All versions, SIMATIC CP 1243-7 LTE EU All versions, SIMATIC CP 1243-7 LTE US All versions, SIMATIC CP 1243-8 IRC All versions, SIMATIC CP 1542SP-1 IRC All versions = V2.0, SIMATIC CP 1543-1 All versions =...

CVE-2022-34820

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...

CVE-2022-34820

A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...

CVE-2022-34820

CVE-2022-34820 is an authentication input handling vulnerability in Siemens SIMATIC CP devices (e.g., CP 1242-7/1243-1/1243-7 LTE EU/US/8 IRC, CP 1542SP-1/1543-1/1543SP-1, SIPLUS variants) where certain user-provided fields are not correctly escaped during authentication, allowing an attacker to ...

Siemens SRCS VPN Feature in SIMATIC CP Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Authentication Bypass

github.com/pingcap/tidb is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly restrict the access path, allowing an attacker to bypass the authentication process by providing malicious authentication requests, resulting in privilege escalation or...

Apple tvOS licensing issue vulnerability

Apple tvOS is a smart TV operating system from Apple, Inc. Apple tvOS is vulnerable to an authorization issue stemming from improper AuthKit privilege management, which can be exploited by local attackers to bypass the authentication process...

ROS-20220516-09

Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...

PT-2022-17136 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.13 and earlier Description: The issue allows attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This is caused by the plugin...

CVE-2021-45389

A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864...

The vulnerability of the LibreOffice office software package, related to errors in the certificate validation process, allows a perpetrator to create ODF documents with a digital signature.

The vulnerability of the LibreOffice office software package is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to create ODF documents with digital signatures...

CVE-2021-38476

The CVE-2021-38476 case concerns InHand Networks IR615 Router, where the authentication process response can reveal the existence of a username, enabling attacker-led enumeration of user accounts. This observable response discrepancy is documented in CVE-2021-38476 (CVE list/NVD) with a CVSSv3 ba...

CVE-2021-38476 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...

The vulnerability of the Ehcache network service in RMI software products for processing Jira Data Center, Jira Core Data Center, and Jira Software Data Center data allows a perpetrator to execute arbitrary code.

The vulnerability of the Ehcache network service in RMI software products for processing data from Jira Data Center, Jira Core Data Center, and Jira Software Data Center is related to the deserialization of data during authentication processes. Exploiting this vulnerability allows an attacker to...

MobileIron agents trust management issue vulnerability

MobileIron agents is an application from MobileIron USA. It is used for MobileIron agents. MobileIron agents versions 2021-03-22 and earlier are vulnerable to a trust management issue that stems from the inclusion of a hard-coded encryption key that is used to encrypt the submission of...

CVE-2020-35138

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work aka com.mobileiron. The key is in the...

Golden FTP Server 4.70 Buffer Overflow

Golden FTP Server 4.70 - 'PASS' Buffer Overflow 2 Author: 1F98D Original Authors: Craig Freyman cd1zz and Gerardo Iglesias Galvan iglesiasgg Tested on Windows 10 x64 A buffer overflow exists in GoldenFTP during the authentication process. Note that the source ip address of the user performing the...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists by triggering AP to send IAPP location updates for stations before the required authentication process has completed...

CVE-2020-27523

Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screenkey, displayname, browsername, and operationsystem parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of...