Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn – Rejects AADs that are too short assoclen 8 to match the ESP/ESN specification. authencesn assumes that the AAD is in the ESP/ESN format. When the length of assoclen is shorter than the minimum expected length...

DEBIAN-CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

EUVD-2022-4023

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-9938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16...

PT-2025-21147 · Zohocorp · Zoho Manageengine Adselfservice Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior Description: The issue concerns an authenticated SQL injection in the MFA reports. Recommendations: For versions 6513 and prior, consider restricting access to the MFA reports...

Important: containerd

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

AZL-54315 CVE-2024-45337 affecting package podman 4.1.1-26

Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...

CVE-2024-9313

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them...

EulerOS Virtualization 2.10.0 : libvirt (EulerOS-SA-2024-2133)

According to the versions of the libvirt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoo...

Use After Free

libvirt is vulnerable to Use After Free. The vulnerability is due to a race condition in the virNetClientIOEventLoop method, where the data pointer to a stack-allocated structure is used after the stack frame is freed. If libvirt is configured with fine-grained access control, an attacker could...

CVE-2024-4418

A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop method, the data pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's...

CVE-2024-27223

In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is n...

Out-of-bounds

In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is n...

CVE-2023-3243

UNSUPPORTED WHEN ASSIGNED An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a...

SUSE CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

SUSE CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket...

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

Session fixation on public links - ownCloud

The session cookies were not reset after authenticating for public links...

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...