CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner-fips, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, hey, kubeflow-fips, k3d, grpcurl, go, terraform-provider-sendgrid, wireguard-go, kube-state-metrics, falco, kubeflow, terraform-provider-sendgrid-fips...
The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common
The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report was the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370...
CVE-2022-37937
CVE-2022-37937 describes a pre-auth memory corruption vulnerability in HPE Serviceguard. Multiple connected sources confirm: an unauthenticated attacker could trigger memory corruption without user interaction, affecting the Serviceguard component. The issue is described consistently as pre-auth...
CVE-2022-37937
Pre-auth memory corruption in HPE Serviceguard...
CVE-2023-23040
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...
K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868
Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...
K63314101: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2022-21451 Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via...
K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509
Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
K11455641: NGINX LDAP Reference Implementation security exposure
Security Advisory Description NGINX LDAP reference implementation configuration can be modified by sending crafted HTTP requests. Note: nginx-ldap-auth is not an NGINX Product. It is published as a reference implementation of LDAP and describes the mechanics of how the integration works and all ...
K93543114: BIG-IP APM vulnerability CVE-2022-27181
Security Advisory Description When APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. CVE-2022-27181 Impact System performance can degrade while the system is...
Malicious Package
Overview mobile-auth-library-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...
PT-2023-15068 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 1.6.0p29 Checkmk versions 2.0.0 through 2.0.0p27 Checkmk versions 2.1.0 through 2.1.0p10 Description: The issue allows an attacker to inject and execute PHP code in the auth.php and hosttags.php files of the...
PT-2023-20924 · Tenda · Tenda V15
Name of the Vulnerable Software and Affected Versions: Tenda V15 version V1.0 Description: A buffer overflow issue was discovered via the gotoUrl parameter in the formPortalAuth function, allowing attackers to cause a Denial of Service (DoS) via a crafted request. Recommendations: For Tenda V15...
U.S. Dept Of Defense: Client side authentication leads to Auth Bypass
A client-side authentication vulnerability was discovered that allowed an attacker to bypass authentication and access sensitive data. By setting a specific parameter in the local storage, the attacker could gain access to the data without providing the correct password. The vulnerability was...
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner-fips, restic, dynamic-localpv-provisioner, gke-gcloud-auth-plugin, hey, kubeflow-fips, k3d, grpcurl, go, terraform-provider-sendgrid, wireguard-go, kube-state-metrics, falco, kubeflow, terraform-provider-sendgrid-fips...
Exploit for Code Injection in Pyload
pyloadCVE-2023-0297poc A code injection vulnerability...
SUSE CVE-2004-0777
Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUGLOGIN) is enabled, allows remote attackers to execute arbitrary code...
SUSE CVE-2005-3119
Memory leak in the requestkeyauthdestroy function in requestkeyauth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys...
SUSE CVE-2006-1329
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service "c2s segfault" by sending a "response stanza before an auth stanza"...
SUSE CVE-2006-1721
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation...