PT-2022-18671 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns insufficient verification of data authenticity, which can cause the software to display logic that differs from the compiled logic...
The vulnerability of the Thunderbird email client, related to insufficient verification of data authenticity, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Thunderbird email client stems from insufficient verification of data authenticity when the space character is used in the Braille table. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sendi...
The vulnerability of the check function of the Cisco Adaptive Security Device Manager (ASDM) in the Cisco Adaptive Security Appliance Software (ASA) allows a hacker to execute arbitrary code.
The vulnerability of the Cisco Adaptive Security Device Manager (ASDM) verification function in the Cisco Adaptive Security Appliance Software (ASA) lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafte...
The vulnerability of the Datagram TLS implementation in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.
The vulnerability of the Datagram TLS implementation in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to induce service failure through specially created DTLS traffic...
Dell Client Commercial Data Forgery Vulnerability
Dell Client Commercial is a line of workstation equipment from Dell, Inc. The Dell Client Commercial has a security vulnerability that stems from the device's susceptibility to an insufficient data authentication vulnerability. An authenticated attacker could use this vulnerability to install...
The vulnerability of the Open vSwitch network service provided by Neutron, related to insufficient data authentication checks, allows attackers to access confidential data and cause service failures.
The vulnerability of the Open vSwitch network service provided by Neutron relates to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, as well as cause service failures through specially crafted packets...
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Windows
OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is fre...
OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Linux
OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption.
PT-2020-5141 · Cncf · Envoy
Name of the Vulnerable Software and Affected Versions: CNCF Envoy versions prior to 1.13.0 Description: The issue is related to insufficient authentication of data in the Envoy network software. It allows a remote attacker to bypass security restrictions by using only TLS 1.3, which could lead to...
The vulnerability of the automatic update function of the security service for Umbrella Roaming Client for Windows allows a hacker to install arbitrary applications on the target device.
The vulnerability of the automatic update function for the Umbrella Roaming Client security service for Windows devices relates to insufficient data authentication checks. Exploiting this vulnerability could allow attackers to install arbitrary applications on target devices...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-1010084
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unauthorised access to data. The component is: Incorrect calls to ensureauth wrapper result in authentication-checking not being applied to all routes...
Cloudera Manager Cross-Site Scripting Vulnerability
Cloudera Manager is a suite of Hadoop data management software from Cloudera. The software supports creating clusters, authentication, data backup and recovery, and more. A cross-site scripting vulnerability exists in Cloudera Manager. The vulnerability stems from the lack of proper authenticatio...
CVE-2018-10626
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...
Debian DSA-566-1 : cupsys - unsanitised input
An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files. The used patch only eliminates the authentication information in the device URI which is...