515 matches found
CVE-2025-59390 Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.
Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...
MGASA-2025-0272 Updated strongswan packages fix security vulnerability
Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. CVE-2025-62291...
CVE-2025-54970
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...
PT-2025-43990
Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description The SOCET GXP Job Status Service does not properly authenticate requests. This can allow remote or local users to perform actions, such as aborting jobs or reading information, without the...
CVE-2025-54970
BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...
Siemens SIMATIC ET 200SP Communication Processors Missing Authentication For Critical Function (CVE-2025-40771)
Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900...
EUVD-2025-36207
An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...
CVE-2025-55067
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...
CVE-2025-55067
The CVE concerns Veeder-Root TLS4B Automatic Tank Gauge (ATG) System and describes an integer wraparound/overflow when Unix time reaches the 2038 epoch. The core issue is improper handling of times beyond January 19, 2038, causing the system clock to roll back to December 13, 1901. Consequences d...
CVE-2025-55067 Integer Overflow or Wraparound in Veeder-Root TLS4B Automatic Tank Gauge System
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system functionalities such as login access, history...
CVE-2025-34155
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
EUVD-2025-35702
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
OESA-2025-2427 fetchmail security update
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...
EUVD-2021-14222
Malware in sbrugna...
EUVD-2007-4619
Malware in sbrugna...
EUVD-2017-7239
Malware in sbrugna...
EUVD-2020-30349
Malware in sbrugna...
EUVD-2016-7935
Malware in sbrugna...
EUVD-2009-1821
Malware in sbrugna...