WordPress Plugin Google Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Fedora: Security Advisory for golang-sigs-k8s-aws-iam-authenticator (FEDORA-2022-5038c3236c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:2583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project receives contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers...

openSUSE: Security Advisory for aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2583-1 advisory. - A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and...

SUSE-SU-2022:2583-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass bsc1201395...

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

Code injection

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVE-2022-2193

HYPR Server contains an Insecure Direct Object Reference (IDOR) in the Device Manager page. Remote authenticated attackers can tamper parameters to add a FIDO2 authenticator to arbitrary accounts. Affected: HYPR Server versions prior to 6.14.1. Remediation: upgrade to 6.14.1 or later.

HYPR Server 安全漏洞

HYPR Server is a server from HYPR, Inc. A security vulnerability exists in HYPR Server versions prior to 6.14.1 that stems from an insecure direct object reference vulnerability that allows remote authentication attackers to tamper with parameters in the Device Manager page that would add a FIDO2...

CVE-2022-22304

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

CVE-2022-22304

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

GHSA-PP3F-98QG-5G75 aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

CVE-2022-2385

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges...

CVE-2022-2385

aws-iam-authenticator (sigs.k8s.io/aws-iam-authenticator) contains CVE-2022-2385, where an allow-listed IAM identity may modify their username and escalate privileges. Technical details in connected docs indicate the issue relates to an AccessKeyID validation bypass in versions prior to v0.5.9. A...