11 matches found
CVE-2026-23996
FastAPI Api Key is a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verifykey. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
EUVD-2021-7057
Malicious code in bioql PyPI...
Cisco NX-OS Software system login block-for Denial of Service (CVE-2021-1590)
A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the...
Noticeable Delay of Adding User Store in CWA for Mac Residing within a Restricted Intranet
In an isolated intranet that can't connect to the Internet, CWA for Mac users may notice an obvious delay of around 30 seconds during certain operations, e.g. adding a store, user authentication, and launching published resources...
PT-2023-20318 · Opensearch +1 · Opensearch Security +1
Name of the Vulnerable Software and Affected Versions: OpenSearch Security versions prior to 1.3.9; OpenSearch Security versions prior to 2.6.0. Description: OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication, and authorization. There is an observable discrepancy ...
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...
Debian: Security Advisory (DSA-2289-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 2289-1 (typo3-src)
The remote host is missing an update to typo3-src announced via advisory DSA 2289-1. OpenVAS Vulnerability Test $Id: deb22891.nasl 8970 2018-02-27 15:16:18Z cfischer $. Description: Auto-generated from advisory DSA 2289-1 (typo3-src). Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft Inc...
Debian DSA-2289-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, information disclosure, authentication delay bypass, and arbitrary file deletion. More details can be found in the Typo3 security advisory: TYPO3-CORE-SA-2011-001...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Information Disclosure, Authentication Delay Bypass, Unserialize vulnerability, Missing Access Control. Component Type: TYPO3 Core. Affected Versions: 4.3.11 and below, 4.4.8 and below, 4.5.3 and below. Vulnerability...
su+pam.redhat.txt
Date: Wed, 9 Jun 1999 14:07:27 -0700 From: Tani Hosokawa To: [email protected] Subject: vulnerability in su/PAM in redhat I was talking to some guy on IRC (st2) and he asked me to mention to bugtraq (because he's not on the list) that the PAMified su that comes with redhat has a slight hole. When...