Lucene search

4200 matches found

Github Security Blog
added 2022/12/05 10:01 p.m., 28 views

Prometheus vulnerable to basic authentication bypass

Impact: Prometheus can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, so even with access to the hash it is very hard to recover the original password. However, a flaw in the way this...

AI score: 5.7
Exploits: 0, References: 5, Affected Software: 2
Packet Storm
added 2022/11/21 12:00 a.m., 437 views

Boa Web Server 0.94.13 / 0.94.14 Authentication Bypass

Exploit Title: Boa Web Server 0.94.13-0.94.14 Authentication Bypass
Date: 19-11-2022
Exploit Author: George Tsimpidas
Vendor: https://github.com/gpg/boa
CVE: N/A
Tested on: Debian 5.18.5
Description: Boa Web Server versions from 0.94.13 - 0.94.14 fail to validate the correct security constraint ...

AI score: 0.6
Exploits: 0
OSV
added 2022/11/19 12:15 a.m., 3 views

CVE-2022-31616

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service or information disclosure...

CVSS: 7.1, AI score: 5.8
Exploits: 0, References: 1
OSV
added 2022/11/19 12:15 a.m., 2 views

DEBIAN-CVE-2022-31615

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00221
Exploits: 0, References: 1
OSV
added 2022/11/14 8:15 p.m., 4 views

CVE-2022-44387

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00261
Exploits: 0, References: 1
CNNVD
added 2022/11/14 12:00 a.m., 3 views

EyouCms cross-site request forgery vulnerability

EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP, developed by Zanzan Network Technology of China. A security vulnerability exists in EyouCms version V1.5.9-UTF8-SP1, which stems from a cross-site request forgery (CSRF) via the Basic...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00261
Exploits: 0, References: 3
Positive Technologies
added 2022/11/14 12:00 a.m., 4 views

PT-2022-35407 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.74. Description: A potential issue exists in the Linux Kernel, specifically in the cfg80211 component, which may lead to corruption of the BSS list. The actual impact and attack plausibility have not yet be...

AI score: 7.5
Exploits: 0, References: 1
Positive Technologies
added 2022/11/14 12:00 a.m., 5 views

PT-2022-27206 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.9-UTF8-SP1. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the Basic Information component under the Edit Member module. This allows unauthorized actions to be performed on behalf of a user...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00261
Exploits: 0, References: 5
Positive Technologies
added 2022/11/11 12:00 a.m., 5 views

PT-2022-23627 · Intel · Intel Nuc 10 Performance Mini Pcs +1

Name of the Vulnerable Software and Affected Versions: Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs versions prior to FNCML357.0053. Description: The issue is related to improper access control in BIOS firmware, which may allow a privileged user to enable escalation of...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00167
Exploits: 0, References: 3
OSV
added 2022/11/08 8:15 p.m., 2 views

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00901
Exploits: 0, References: 3
NVD
added 2022/11/08 8:15 p.m., 19 views

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVSS: 9.8, EPSS: 0.00901
Exploits: 0, References: 3
Prion
added 2022/11/08 8:15 p.m., 21 views

Design/Logic Flaw

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

CVSS: 7.5, AI score: 9.3, EPSS: 0.00901
Exploits: 0, References: 3, Affected Software: 119
CNNVD
added 2022/11/08 12:00 a.m., 5 views

Mitsubishi Electric consumer electronics products security vulnerability

Mitsubishi Electric consumer electronics products are a line of consumer electronics products from Mitsubishi Electric Corporation of Japan. A security vulnerability exists in Mitsubishi Electric consumer electronics products that stems from the use of basic authentication for...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00901
Exploits: 0, References: 4
Vulnrichment
added 2022/11/08 12:00 a.m., 9 views

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

AI score: 9.5, EPSS: 0.00901
Exploits: 0, References: 3
CVE
added 2022/11/08 12:00 a.m., 67 views

CVE-2022-33321

Summary: CVE-2022-33321 is a vulnerability in Mitsubishi Electric consumer electronics products caused by using Basic Authentication over HTTP. This cleartext transmission can let a remote, unauthenticated attacker sniff credentials (username/password) and potentially cause a DoS. Affected produc...

CVSS: 9.8, AI score: 9.3, EPSS: 0.00901
Exploits: 0, References: 3, Affected Software: 1
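What the "cleartext transmission" in the CVE-2022-33321 entries means in practice, shown as an added example (not code from this listing, from Mitsubishi Electric or from any advisory): HTTP Basic credentials are only base64-encoded, so an observer of a plain-HTTP flow recovers the username and password by decoding one header, while a TLS flow gives the same observer nothing to decode. The hosts, addresses, paths, credentials and capture records in the block are constructed for the example.

```python
"""Recover HTTP Basic credentials from cleartext HTTP traffic.

Added example; every host, address, path, credential and capture record
below is constructed for illustration.
"""
import base64
import binascii
from typing import Dict, List, Optional, Tuple

# Constructed request, as a device web UI might send it over plain HTTP.
# "YWRtaW46cGE6c3N3MHJk" is base64 of "admin:pa:ssw0rd"; the ':' inside the
# password is deliberate, since a naive split on ':' would mishandle it.
SAMPLE_REQUEST = (
    b"GET /status.cgi HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Authorization: Basic YWRtaW46cGE6c3N3MHJk\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

# Constructed view of what a passive observer on the same segment sees:
# (client, server, TCP payload). The port-443 flow is a TLS record, so the
# observer gets ciphertext rather than an HTTP header.
SAMPLE_CAPTURE = [
    ("192.0.2.50:51001", "192.0.2.10:80", SAMPLE_REQUEST),
    ("192.0.2.50:51002", "192.0.2.10:443",
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32),
    ("192.0.2.50:51003", "192.0.2.10:80",
     b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"),
]

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")


def parse_basic_authorization(header_value: str) -> Optional[Tuple[str, str]]:
    """Decode an Authorization header of the Basic scheme (RFC 7617).

    Returns (user, password), or None when the scheme is not Basic or the
    token is not valid base64. Basic is an encoding, not encryption: no
    secret is needed to reverse it. Only the first ':' separates user-id
    from password, because the password itself may contain ':'.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    if b":" not in raw:
        return None  # RFC 7617 requires user-id ':' password
    user, _, password = raw.partition(b":")
    # The RFC does not fix a charset; UTF-8 is the common choice.
    return user.decode("utf-8", "replace"), password.decode("utf-8", "replace")


def parse_request_headers(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP/1.x request into its request line and a header dict
    (names lower-cased; a header value may itself contain ':')."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return request_line, headers


def credentials_from_request(raw: bytes) -> Optional[Tuple[str, str, str]]:
    """Return (host, user, password) when the request carries Basic credentials."""
    _request_line, headers = parse_request_headers(raw)
    auth = headers.get("authorization")
    if auth is None:
        return None
    creds = parse_basic_authorization(auth)
    if creds is None:
        return None
    return headers.get("host", ""), creds[0], creds[1]


def sniff_basic_credentials(capture: List[Tuple[str, str, bytes]]) -> List[Dict[str, str]]:
    """Collect every Basic credential sent in the clear in a capture.

    Payloads that do not start with an HTTP method (e.g. TLS handshake bytes
    on port 443) are skipped: the observer cannot see inside them.
    """
    found: List[Dict[str, str]] = []
    for client, server, payload in capture:
        if not payload.startswith(HTTP_METHODS):
            continue
        hit = credentials_from_request(payload)
        if hit is None:
            continue
        host, user, password = hit
        found.append({"client": client, "server": server, "host": host,
                      "user": user, "password": password})
    return found


if __name__ == "__main__":
    for hit in sniff_basic_credentials(SAMPLE_CAPTURE):
        print(f"{hit['client']} -> {hit['server']} ({hit['host']}): "
              f"user={hit['user']!r} password={hit['password']!r}")
```

Run directly, it prints the one credential recoverable from the constructed capture; the TLS flow and the unauthenticated request yield nothing. Because the weakness is in the transport rather than in the encoding, the only mitigation is to keep Basic credentials off plain HTTP.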
Cvelist
added 2022/11/08 12:00 a.m., 19 views

CVE-2022-33321

Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric...

AI score: 9.6, EPSS: 0.00901
Exploits: 0, References: 3
vulnersOsv
added 2022/10/25 5:15 p.m., 7 views

azkm (>=0.1.0 <=0.2.71), azure-knowledgemining-cli (=0.1.0) +3 more potentially affected by CVE-2022-39327 via azure-cli (>=2.0.76 <=2.29.2)

azure-cli PyPI version =2.0.76, =0.1.0, =0.3.1, =0.1.10, =1.0.19. Source CVEs: CVE-2022-39327. Source advisory: OSV:PYSEC-2022-43177...

CVSS: 9.8, AI score: 7.2, EPSS: 0.03207
Exploits: 1
Veracode
added 2022/10/20 5:15 a.m., 15 views

Authentication Bypass

github.com/brokercap/bifrost is vulnerable to authentication bypass. The vulnerability exists in multiple functions of ajax.js: removing the X-Requested-With: XMLHttpRequest field from the request header allows an attacker to bypass permission checks using HTTP basic authentication...

CVSS: 8.8, AI score: 8.5, EPSS: 0.00727
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2022/10/17 10:15 p.m., 4 views

CVE-2022-3158

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 contain an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully...

CVSS: 8.8, AI score: 6.4
Exploits: 0, References: 1
OSV
added 2022/10/14 12:15 a.m., 2 views

DEBIAN-CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers able to inject WLAN frames to trigger use-after-free conditions to potentially execute code...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00798
Exploits: 1, References: 1