289 matches found
PT-2022-11828 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite
Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 Description: The issue allows user input to be validated on the client side without proper authentication by the server. This is problematic because the server should...
Cross-Site Request Forgery (CSRF)
Apache Kylin is vulnerable to cross-site request forgery. The vulnerability exists due to a lack of sanitization of the authenticity of web requests allowing an attacker to submit requests which bypass the server authentication...
CVE-2021-20869
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-3...
CVE-2021-20868
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub...
UBUNTU-CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
PT-2021-18225 · Npm · A12Nserver
Name of the Vulnerable Software and Affected Versions: a12n-server versions 0.18.0 through 0.18.1 Description: The issue concerns a12n-server, an npm package for simple authentication. A feature to edit users via a new HAL-Form was introduced in version 0.18.0 but was incorrectly made accessible ...
Apache Solr Information Disclosure Vulnerability
Apache Solr is a standalone enterprise-class search application server. Apache Solr information disclosure vulnerability can be exploited by an attacker to gain unauthorized access to server authentication and authorization profiles...
Client TLS credentials sent raw to server in npm package nats
Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The...
CVE-2021-28124
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle MITM support channel UI session to Cohesity DataPlatform...
CVE-2021-28124
A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle MITM support channel UI session to Cohesity DataPlatform...
CVE-2021-3252
KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure...
PT-2020-6288 · NetGear · Netgear Dgn2200V1
Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200v1 devices version 1.0.0.59 and earlier Description: The issue is related to the mishandling of HTTPd authentication in the NETGEAR DGN2200v1 devices, which can be exploited by a remote attacker to execute arbitrary code. This ...
CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...
CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...
SUSE-SU-2020:1072-1 Security update for pacemaker
This update for pacemaker fixes the following issues: - CVE-2018-16877: Fixed an issue with insufficient local IPC client-server authentication on the client's side bsc1131356. - CVE-2018-16878: Fixed a denial of service related to insufficient verification of uncontrolled processes bsc1131353...
MS12-051: Vulnerability in Microsoft Office for Mac could allow elevation of privilege: July 10, 2012
Describes the Microsoft Office for Mac 2011 14.2.3 Update that was released on July 10, 2012INTRODUCTIONMicrosoft has released security bulletin MS12-051. This security bulletin contains all the relevant information about the security update for Microsoft Office for Mac 2011. To view the complete...
Directory traversal
An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...
Hacking McDonald's for Free Food
This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a...