Authentication flaw
In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web...
Weidmueller Industrial WLAN devices Authorization Issue Vulnerability
Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An authorization issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from a specially configured device hostname that causes the device to interpret selected remote traffic as local...
SUSE: Security Advisory (SUSE-SU-2018:2890-1)
The remote host is missing an update for the...
DEBIAN-CVE-2021-30528
Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2021-30528
Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page...
MesaLabs AmegaView Security Vulnerability
MesaLabs AmegaView is a continuous monitoring system (CMS) from MesaLabs, USA. A security vulnerability exists in MesaLabs AmegaView 3.0 and prior versions that can be exploited by an attacker to gain access using a default cookie that can be set to bypass authentication to the web application...
Google Chrome Resource Management Error Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A use-after-free vulnerability in WebAuthentication in versions prior to Google Chrome 91.0.4472.77 can be exploited by a remote attacker to corrupt the rendere...
PT-2021-3507 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: The issue is related to weaknesses in the WebAuthn authentication mechanism. It allows an attacker to register a new security device or key for any user without a previously registered...
CVE-2021-0261
CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...
Github authelia Input Validation Error Vulnerability
Github authelia is an application from Github, USA. It is an open source authentication and authorization server that provides 2-factor authentication and single sign-on (SSO) to applications through a web portal. Authelia version 4.27.4 and prior versions contain an input validation error vulnerability...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...
CVE-2021-22865 Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...
The vulnerability of the HTTP digest authentication mechanism of the Squid proxy server, related to information disclosure, allows attackers to gain access to confidential data.
The vulnerability of the HTTP digest authentication mechanism of the Squid proxy server is related to the exposure of information. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...
File Inclusion Vulnerability in EaseUS Web Authentication System
EaseUS Web Authentication System is a user management system built on PHP+MySQL. A file inclusion vulnerability exists in EaseUS Web Authentication System. An attacker can exploit this vulnerability to gain server privileges...
UBUNTU-CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...
Multiple Netgear Products Authorization Issue Vulnerability
The NETGEAR DGN2200v1 is an N300 wireless ADSL2+ modem router. An HTTPd authentication vulnerability exists in versions prior to NETGEAR DGN2200v1 v1.0.0.60. No detailed vulnerability details are provided at this time...
chromium-browser: Use after free in WebAuthentication
Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
WebAuthn Passwordless Authentication Now Available for Atlassian Products
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team...
[ASA-202006-3] chromium: multiple issues
Arch Linux Security Advisory ASA-202006-3. Severity: High. Date: 2020-06-06. CVE-ID: CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496. Package: chromium. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-1178. Summary...
Google Chrome WebAuthentication Resource Management Error Vulnerability
Google Chrome is a web browser from Google, Inc. WebAuthentication is one of its web authentication components. A resource management error vulnerability exists in WebAuthentication in Google Chrome versions prior to 83.0.4103.97. A remote attacker can exploit this vulnerability to cause a...