534 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-45160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty...
HydrAIDE Authentication Bypass Vulnerability
Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...
GHSA-QP7J-X725-G67F HydrAIDE Authentication Bypass Vulnerability
Summary There is no authentication of any kind. Details TLS is implemented, the tunnel between the client and server is secure, however once data is on the server, it's free to be read by any adversaries. On the client side :...
Linux Distros Unpatched Vulnerability : CVE-2023-40217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP...
Linux Distros Unpatched Vulnerability : CVE-2022-3786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...
Linux Distros Unpatched Vulnerability : CVE-2022-37026
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations...
Linux Distros Unpatched Vulnerability : CVE-2024-45159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided...
BIT-LIBPYTHON-2023-40217
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
EBS-CFL: Efficient and Byzantine-robust Secure Clustered Federated Learning
Despite federated learning (FL)'s potential in collaborative learning, its performance has deteriorated due to the data heterogeneity of distributed users. Recently, clustered federated learning (CFL) has emerged to address this challenge by partitioning users into clusters according to their...
TencentOS Server 2: python (TSSA-2023:0275)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0275 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 2: python3 (TSSA-2023:0270)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0270 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: python3 (TSSA-2023:0260)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0260 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: python3.11 (TSSA-2023:0241)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0241 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Devolutions Server Access Control Error Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. An Access Control Error vulnerability exists in Devolutions Server version 2025.1.10.0 and prior versions, which stems from improper access control of...
NetScaler Gateway-13.1-Launching ICA session got stuck with client authentication enabled
You may get stuck at the ICA session launching process when you enable client authentication in the Gateway virtual server...
ABB M2M Gateway TLS Handshake bypass in embedded Python (CVE-2023-40217)
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...
Malicious code in client-authentication-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4311 Malicious code in client-authentication-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0d83929fbddd1bff9fe89b82702a66c79d3e1f6f0fe19baa7379b58472005ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2009-5116
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account...
K000151390: Erlang/OTP vulnerabilities CVE-2022-37026 and CVE-2025-32433
Security Advisory Description CVE-2022-37026 In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. CVE-2025-32433 Erlang/OTP is a set of libraries for the Erlang...