31 matches found
EUVD-2002-0556
Malware in sbrugna...
EUVD-2024-0908
Malicious code in bioql PyPI...
spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter...
spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direct...
spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter...
spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direct...
spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter...
CVE-2024-22257
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter. Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to...
GHSA-F3JH-QVM4-MG39 Erroneous authentication pass in Spring Security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null...
CVE-2024-22257
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null...
VMware Spring Security Security Vulnerability
VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.2.0 through 6.2.2, 6.1.0 through 6.1.7, 6.0.0 through 6.0.9, 5.8.0 through 5.8.10, and 5.7.0...
GHSA-W3W6-26F2-P474 Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
PT-2024-1840 · Unknown · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions 6.1.x through 6.1.6; Spring Security versions 6.2.x through 6.2.1. Description: The issue is related to broken access control in Spring Security when the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)...
SUSE CVE-2009-3623
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereferenc...
RealVNC 4.1.0 - 4.1.1 - VNC Null Authentication - Auth Bypass Patch (EXE)
No description provided by source. xx vnc-411-unixsrc.bl4ck/common/rfb/CConnection.cxx --- vnc-411-unixsrc/common/rfb/CConnection.cxx 2005-03-11 09:08:41.000000000 -0600 +++ vnc-411-unixsrc.bl4ck/common/rfb/CConnection.cxx 2006-05-15 14:03:30.000000000 -0500 @@ -183,7 +183,12 @@ // Inform the...
Windows Manage Remote Packet Capture Service Starter
This module enables the Remote Packet Capture System (rpcapd service) included in the default installation of Winpcap. The module allows you to set up the service in passive or active mode (useful if the client is behind a firewall). If authentication is enabled you need a local user account to captu...
PT-2009-5897 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.31.2. Description: The issue is related to the lookup_cb_cred function in the nfsd4 subsystem, which attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor. Th...
RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
No description provided by source. class101 - http://heapoverflow.com RealVNC 4.1.0 - 4.1.1 VNC Null Authentication Vulnerability Scanners. windows: http://www.milw0rm.com/sploits/05172006-VNCbypauth-win32.rar...
RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
Exploit for multiple platform in category remote exploits. RealVNC 4.1.0 - 4.1.1 VNC Null Authentication Vulnerability Scanners. class101 -...
RealVNC 4.1.0 4.1.1 - VNC Null Authentication Scanner
RealVNC 4.1.0 4.1.1 - VNC Null Authentication Scanner class101 - http://heapoverflow.com RealVNC 4.1.0 - 4.1.1 VNC Null Authentication Vulnerability Scanners. windows:...