472 matches found
SUSE CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
Webauthn-Framework Authorization Issues Vulnerability
Webauthn-Framework is an authentication mechanism. It is used by Web applications to create and use strong, proven, scoped, public-key based credentials for strong authentication of users. An authorization issue vulnerability exists in Webauthn-Framework that stems from improper handling of...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and prior versions, which stems from the Web server's use of basic authentication to protect user credentials, and can be...
CVE-2023-31424 Web authentication and authorization bypass
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...
CVE-2023-31424 Web authentication and authorization bypass
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...
CVE-2023-31424 - Web authentication and authorization bypass
Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allow remote unauthenticated users to bypass web authentication and authorization...
SAMSUNG Members Security Breach
SAMSUNG Members is a community platform app from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Members version 14.0.07.1, which stems from the presence of an incorrect URL authentication vulnerability that could allow an attacker to access sensitive...
Rocket.Chat Authorization Issues Vulnerability (CNVD-2023-40581)
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an authorization issue vulnerability that stems from the fact that editing a message can change the original timestamp, causing the UI to display the messages in the wrong order. An attacker could use this vulnerability to...
SUSE CVE-2014-3497
Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...
SUSE CVE-2016-2313
authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...
SUSE CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
SUSE CVE-2018-18820
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...
SUSE CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
SUSE CVE-2021-32800
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...
DEBIAN-CVE-2022-28281
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...
PT-2022-27401 · Unknown · Rest Api Authentication Plugin
Name of the Vulnerable Software and Affected Versions: REST API Authentication plugin versions prior to 2.4.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
IBM Robotic Process Automation 授权问题漏洞
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1, 21.0.2, 21.0.3, 21.0.4, a...
Splunk 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...
September 20, 2022—KB5017381 (OS Build 20348.1070) Preview
September 20, 2022—KB5017381 OS Build 20348.1070 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to fi...
CVE-2022-1499
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...