6603 matches found
alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +36 more potentially affected by CVE-2023-6681 via jwcrypto (>=0.4.0 <=1.5.0)
jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0.2, =2.5.6, =0.6.0, =0.1.0, =0.0.0.1, =2.5.0, =0.1.0, =0.1.0, =0.14.1 and more Source cves: CVE-2023-6681 Source advisory: OSV:PYSEC-2024-104...
org.apache.pulsar:pulsar-server-distribution (>=3.0.0 <=3.0.17) potentially affected by CVE-2023-51437 via org.apache.pulsar:pulsar-broker-auth-sasl (>=3.0.0 <=3.0.17)
org.apache.pulsar:pulsar-broker-auth-sasl MAVEN version =3.0.0, =3.0.0, =3.0.17 Source cves: CVE-2023-51437 Source advisory: OSV:GHSA-C57V-4VG5-CM2X...
CVE-2023-47209
CVE-2023-47209 affects the TP-Link ER7206 Omada Gigabit VPN Router (1.3.0, build 20230322 Rel.70591). Talos reports a post-authentication command-injection vulnerability in the ipsec policy workflow triggered by a crafted HTTP request to the uhttpd-backed web UI (VPN → IPsec → IPsec Policy). Expl...
CVE-2023-46683
CVE-2023-46683 affects TP-Link ER7206 Omada Gigabit VPN Router (1.3.0 build 20230322 Rel.70591). Talos documents a post-authentication command injection in the uhttpd-based web interface when configuring the WireGuard VPN, triggered by crafted HTTP requests after login. Impact is arbitrary comman...
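Both ER7206 entries above describe the same bug class, a request field reaching a shell after login. The following Python is an added example, not Talos' proof of concept and not the router's code: the field name, the `echo applying-policy` stand-in command and the sample value are constructed for illustration. It shows the interpolated-shell-string pattern next to two layers of hardening, an argv list without a shell and an allow-list check on the field.

```python
import subprocess

# Constructed request value: a policy name carrying a shell metacharacter.
# The field name and the "applying-policy" command stand in for the real
# form field and backend command, which Talos does not publish here.
INJECTED_NAME = "office; echo INJECTED"


def validate_policy_name(name: str) -> bool:
    """Allow-list check: 1-32 chars from [A-Za-z0-9_.-], nothing a shell cares about."""
    return 1 <= len(name) <= 32 and all(
        c.isascii() and (c.isalnum() or c in "_.-") for c in name
    )


def apply_policy_vulnerable(policy_name: str) -> str:
    """The bug class: the request field is interpolated into a shell command line."""
    cmd = f"echo applying-policy {policy_name}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def apply_policy_no_shell(policy_name: str) -> str:
    """First layer: argv list and no shell, so metacharacters stay literal text."""
    return subprocess.run(
        ["echo", "applying-policy", policy_name], capture_output=True, text=True
    ).stdout


def apply_policy_hardened(policy_name: str) -> str:
    """Second layer: reject anything outside the allow-list before it reaches argv."""
    if not validate_policy_name(policy_name):
        raise ValueError("invalid policy name")
    return apply_policy_no_shell(policy_name)


if __name__ == "__main__":
    print(repr(apply_policy_vulnerable(INJECTED_NAME)))   # second command runs
    print(repr(apply_policy_no_shell(INJECTED_NAME)))     # printed as literal text
    print(validate_policy_name(INJECTED_NAME))            # False
```

The argv form alone already stops the injection; the allow-list is there so a value that later flows into a config file or a second tool is also constrained.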
Important: tomcat
Issue Overview: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to...
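The entry does not say which "variations" of a user name slip past the LockOut Realm. The Python below is an added illustration of the two controls that address that class of problem in an LDAP-backed realm, not Tomcat's own (Java) fix: escaping the name before it enters a search filter (RFC 4515), and keying failed-login counters on a canonical form so that `alice`, `Alice` and `alice ` share one budget. The normalisation rule (NFKC, strip, case-fold) is an assumption and should mirror whatever the directory's matching rule treats as the same entry.

```python
import unicodedata

# RFC 4515 escapes for the characters that change the meaning of a search filter.
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value before it goes into an LDAP filter, so 'ali*ce'
    searches for that literal string instead of acting as a wildcard."""
    return "".join(_LDAP_FILTER_ESCAPES.get(c, c) for c in value)


def build_user_filter(username: str) -> str:
    return f"(uid={escape_ldap_filter_value(username)})"


def canonical_username(name: str) -> str:
    """Assumed normalisation (adapt to the directory's matching rule):
    NFKC, strip surrounding whitespace, case-fold."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


class LockoutTracker:
    """Counts failed logins per user. With normalize=False the counter is keyed on
    the literal string, so 'alice', 'Alice' and 'alice ' each get a fresh budget."""

    def __init__(self, max_failures=5, normalize=True):
        self.max_failures = max_failures
        self.normalize = normalize
        self.failures = {}  # key -> failure count

    def _key(self, name):
        return canonical_username(name) if self.normalize else name

    def record_failure(self, name):
        k = self._key(name)
        self.failures[k] = self.failures.get(k, 0) + 1

    def is_locked(self, name):
        return self.failures.get(self._key(name), 0) >= self.max_failures


def simulate_variants(normalize):
    """Five failures spread over spelling variants of one account (constructed);
    returns whether the canonical account ends up locked."""
    tracker = LockoutTracker(max_failures=5, normalize=normalize)
    for variant in ["alice", "Alice", "alice ", " alice", "ALICE"]:
        tracker.record_failure(variant)
    return tracker.is_locked("alice")


if __name__ == "__main__":
    print(build_user_filter("ali*ce"))      # (uid=ali\2ace)
    print(simulate_variants(normalize=False))  # False: five separate counters
    print(simulate_variants(normalize=True))   # True
```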
CVE-2015-10129
CVE-2015-10129 affects planet-freo up to 20150116. The vulnerability is in admin/inc/auth.inc.php, where manipulation of the auth argument leads to an incorrect comparison. The attack can be launched remotely, and the exploit has been disclosed to the public. The patch is identified as 6ad38c58a45642e...
moonmoon security breach
moonmoon is a web-based aggregator similar to Planetplanet. It can be used to mix posts from different blogs with the same interests into a single page. A security vulnerability exists in moonmoon, which stems from an incorrect comparison of the auth parameter on the admin/inc/auth.inc.php page...
GHSA-VJG6-93FV-QV64 Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Vulnerability type: Logging. Detail: etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be...
com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.0), com.linecorp.centraldogma:centraldogma-server-auth-shiro (>=0.33.0 <=0.64.0) +7 more potentially affected by CVE-2024-1143 via com.linecorp.centraldogma:centraldogma-server (>=0.17.0 <=0.64.0)
com.linecorp.centraldogma:centraldogma-server MAVEN version =0.17.0, =0.33.0, =0.33.0, =0.61.0, =0.62.0, =0.17.0, =0.44.0, =0.44.0, =0.44.0, =0.64.0 - com.linecorp.centraldogma:centraldogma-xds =0.64.0 Source cves: CVE-2024-1143 Source advisory: OSV:GHSA-34Q3-P352-C7Q8...
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...
GHSA-RPGP-9HMG-J25X Enumeration of users in HashiCorp Vault
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1...
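The etcd entry above (GHSA-VJG6-93FV-QV64) and this Vault entry pull in opposite directions on the same login path: the server-side log should say exactly why a login failed, including "this user has no password and must present a client certificate", while the client-facing response must not distinguish unknown users from wrong passwords. The Python below is an added example serving both entries; it is not etcd's or Vault's code, and the in-memory user table, the PBKDF2 parameters and the audit-list interface are constructed for illustration. Neither advisory states which channel leaked, so the leaky variant models the common case of distinct error strings.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("auth")
GENERIC_ERROR = "authentication failed"
_SALT = b"constructed-fixed-salt"  # one shared salt only to keep the sample short


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 20_000)


# Constructed user directory; not etcd's or Vault's data model.
USERS = {
    "alice": {"pw_hash": _hash("correct horse"), "cert_only": False},
    "svc-etcd": {"pw_hash": None, "cert_only": True},  # may only use a client cert
}


def authenticate_leaky(user, password):
    """Distinct client-facing errors: whoever can call this can enumerate names."""
    rec = USERS.get(user)
    if rec is None:
        return False, "unknown user"
    if rec["cert_only"]:
        return False, "password login not enabled for this user"
    if not hmac.compare_digest(_hash(password), rec["pw_hash"]):
        return False, "wrong password"
    return True, "ok"


def authenticate(user, password, audit):
    """Same message to the client for every failure; the exact reason, including
    the cert-only case, goes to the server-side audit trail (and the logger)."""
    rec = USERS.get(user)
    if rec is None:
        _hash(password)  # spend the same work as a real check so timing stays uniform
        reason = "unknown user"
    elif rec["cert_only"]:
        reason = "user has no password; client-certificate auth required"
    elif not hmac.compare_digest(_hash(password), rec["pw_hash"]):
        reason = "wrong password"
    else:
        reason = None
    if reason is not None:
        entry = f"auth failure user={user!r} reason={reason!r}"
        audit.append(entry)
        log.warning(entry)
        return False, GENERIC_ERROR
    audit.append(f"auth success user={user!r}")
    return True, "ok"


if __name__ == "__main__":
    trail = []
    print(authenticate_leaky("nobody", "x"), authenticate_leaky("alice", "x"))
    print(authenticate("nobody", "x", trail), authenticate("svc-etcd", "", trail))
    print("\n".join(trail))
```

A detection engineer reading the audit trail can tell a cert-only service account being probed with passwords from a plain credential-stuffing run; a client probing the endpoint sees the same string either way.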
Exploit for Incorrect Authorization in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating
CVE-2023-6036 PoC for the WordPress plugin Web3 – Crypto wallet...
MAL-2024-948 Malicious code in identity-auth (npm)
Source: ossf-package-analysis 172d924c44b4cff292645cf014382ea4d780ad62b2d7550d53d4825c83ac271f The OpenSSF Package Analysis project identified 'identity-auth' @ 10.999.0 npm as malicious. It is considered malicious because: - The package...
PT-2024-15843 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to Stored Cross-Site Scripting via the Link Anything functionality due to insufficient input sanitization and output...
CVE-2024-0529
A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. An unknown function of the file /apps/loginauth.php in the HTTP POST Request Handler component is affected. Manipulation of the usernamelogin argument leads to SQL injection...
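The entry names the injected parameter but not the query. The Python below is an added example of the bug class, not the PHP from loginauth.php: an in-memory SQLite user table (constructed) queried once with the request values concatenated into the SQL text and once with bound parameters. The payload comments out the password clause in the first case and is just a string that matches no user in the second.

```python
import sqlite3

PAYLOAD = "admin' --"  # closes the quoted value and comments out the password clause


def make_db():
    """In-memory stand-in for the application's user table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-hash-of-admin-password')")
    return db


def login_vulnerable(db, usernamelogin, password_hash):
    """The bug class: request values concatenated into the SQL text."""
    sql = (
        f"SELECT username FROM users WHERE username = '{usernamelogin}' "
        f"AND password_hash = '{password_hash}'"
    )
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, usernamelogin, password_hash):
    """Bound parameters: the value can never change the statement's structure."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (usernamelogin, password_hash),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, PAYLOAD, "wrong"))      # admin
    print(login_parameterized(db, PAYLOAD, "wrong"))   # None
```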
CVE-2024-22209 XBlock custom auth does not respect JWT Scopes
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
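The flaw described above is an authorization check that stops at "the token is valid" and never consults the scopes it carries. The Python below is an added example, not Open edX code or its patch: a minimal HS256 JWT mint/verify built on the standard library (the shared secret and the list-valued `scopes` claim are assumptions), followed by the vulnerable check next to one that requires the endpoint's scope to be present.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-shared-secret"  # assumption: HS256 with a shared key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, secret: bytes = SECRET) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes = SECRET, now=None):
    """Returns the claims dict, or None for a malformed, tampered or expired token."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":   # never trust the token's alg choice
            return None
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except (ValueError, TypeError):
        return None
    current = now if now is not None else time.time()
    if claims.get("exp") is not None and current >= claims["exp"]:
        return None
    return claims


def authorize_vulnerable(token: str, required_scope: str) -> bool:
    """The bug class: a validly signed token is treated as full access."""
    return verify_jwt(token) is not None


def authorize(token: str, required_scope: str) -> bool:
    """Authentication plus authorization: the endpoint's scope must be in the token."""
    claims = verify_jwt(token)
    if claims is None:
        return False
    return required_scope in claims.get("scopes", [])


if __name__ == "__main__":
    tok = mint_jwt({"sub": "student", "scopes": ["read"], "exp": 4102444800})
    print(authorize_vulnerable(tok, "write"), authorize(tok, "write"))  # True False
```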
CVE-2023-49801
Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the getpfp and getbanner routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is...