262 matches found
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
PT-2022-3284 · Ping Identity · PingID Windows Login
Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.8. Description: The issue is related to errors in authentication of the connection with a local Java service used to capture security key requests. An attacker with the ability to execute code on the...
The vulnerability of the Guzzle HTTP client library for the PHP programming language interpreter, related to authentication errors, allows attackers to disclose protected sensitive information.
The vulnerability of the Guzzle HTTP client library for the PHP programming language interpreter is related to authentication errors. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the library...
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, related to authentication process errors, allows unauthorized access by attackers to protected information.
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to authentication process errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected informatio...
PT-2022-2950 · SpaceLogic +1 · SpaceLogic C-Bus Application Controller +3
Name of the Vulnerable Software and Affected Versions: C-Bus Network Automation Controller - LSS5500NAC versions prior to V1.10.0; Wiser for C-Bus Automation Controller - LSS5500SHAC versions prior to V1.10.0; Clipsal C-Bus Network Automation Controller - 5500NAC versions prior to V1.10.0; Clipsal...
The vulnerability of the Surface Pro 3 touchscreen display firmware, related to authentication errors, allows an intruder to circumvent existing security restrictions.
The vulnerability of the touchscreen display firmware in the Surface Pro 3 is related to authentication errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...
The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.
The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...
The vulnerability of the Adobe Experience Manager content and media data management system, related to errors in authentication procedures, allows a perpetrator to trigger a service failure.
The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Atlassian Confluence Server web server, related to authentication errors, allows a hacker to read arbitrary files.
The vulnerability of the Atlassian Confluence Server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files...
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems is related to authentication errors. Exploiting this vulnerability allows a perpetrator to execute unauthorized code or commands using certain console command sequences like “print str” and “cmd...
The vulnerability of the net/http/httputil component in the Golang programming language allows an attacker to compromise data integrity.
The vulnerability of the net/http/httputil component in the Golang programming language is related to authentication errors. Exploiting this vulnerability allows an attacker to compromise data integrity...
The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to authentication errors, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Magento Commerce development and management software platform is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows attackers to bypass security functions and gain unauthorized access to protected information.
The vulnerability of the integration component of the Magento Commerce software development and management platform is related to authentication errors. Exploiting this vulnerability allows an attacker to bypass security functions and gain unauthorized access to protected information...
The vulnerability of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to execute arbitrary code with root privileges.
The vulnerability of the Zabbix universal monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges...
flynn/noise has improper nonce handling yielding potential state DoS
The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow. If 2^64 (~18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing...
The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system allows a hacker to perform a system shutdown.
The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system is related to authentication errors when accessing files in the EFI partition. Exploiting this vulnerability can allow an attacker to perform a denial-of-service attack...
PT-2022-4183 · Hewlett Packard · HPE OneView
Name of the Vulnerable Software and Affected Versions: HPE OneView versions prior to 6.6. Description: The issue is related to authentication errors in the HPE OneView IT infrastructure management system. Exploitation of this issue may allow an attacker to gain unauthorized access to protected...
The vulnerability of the Content Security Policy mechanism implemented in Google Chrome allows a violator to circumvent existing access restriction policies.
The vulnerability of the Content Security Policy mechanism implemented by Google Chrome is related to authentication errors. Exploiting this vulnerability can allow a remote attacker to circumvent existing access control policies...
The vulnerability of the Squid caching proxy server, related to authentication errors, allows a hacker to carry out a “man-in-the-middle” attack.
The vulnerability of the Squid application is related to authentication errors. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...
The vulnerability of the Google Chrome browser’s QR scanner function allows a hacker to circumvent existing access restrictions.
The vulnerability of the Google Chrome browser’s QR scanner is related to authentication errors. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions...