EUVD-2021-29747

Malicious code in bioql PyPI...

CVE-2021-42791

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...

CVE-2021-42791

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...

Design/Logic Flaw

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...

CVE-2021-42791

The CVE-2021-42791 entry concerns VeridiumID VeridiumAD 2.5.3.0. The vulnerability is an access-control gap in the HTTP trigger for push notifications: an attacker can trigger notifications for other enrolled users, and the notification text can be altered. If the notification recipient accepts, ...

CVE-2021-42791

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified...

VeridiumAd 环境问题漏洞

VeridiumAd is an enterprise-ready solution from Veridium UK. that adds biometric authentication and identity assurance to Microsoft Active Directory environments. A security vulnerability exists in VeridiumAd 2.5.3.0, which arises from an HTTP request that triggers a push notification for a...