147 matches found
SUSE CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
MediaWiki 跨站脚本漏洞
MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki version 1.1 contains a cross-site scripting vulnerability, which stems from the ScratchLogin...
October 11, 2022—KB5018425 (OS Build 10240.19507) - EXPIRED
None None...
What the New OWASP Top 10 Changes Mean to You?
The Open Web Application Security Project OWASP recently updated its top 10 list of the most critical security risks to web applications after 4 years. It represents the most radical shake up since the list was introduced in 2003. The changes will undoubtedly have a big impact on how businesses...
KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2
KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...
May 19, 2022—KB5015013 (OS Build 20348.709) Out-of-band
None None...
KB5014991: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012
KB5014991: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a server o...
KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2
KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...
May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band
None None...
CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog
CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations migh...
May 10, 2022—KB5014018 (Security-only update)
None None...
May 10, 2022—KB5014001 (Security-only update)
None None...
May 10, 2022—KB5014017 (Monthly Rollup)
None None...
May 10, 2022—KB5014011 (Monthly Rollup)
None None...
OWASP Top 10 Deep Dive: Identification and Authentication Failures
In the 2021 edition of the OWASP top 10 list, Broken Authentication was changed to Identification and Authentication Failures. This term bundles in a number of existing items like cryptography failures, session fixation, default login credentials, and brute-forcing access. Additionally, this...
November 9, 2021—KB5007247 (Monthly Rollup)
None None...
November 9, 2021—KB5007245 (Security-only update)
None None...
November 9, 2021—KB5007192 (OS Build 14393.4770) - EXPIRED
None None...
A user without PR can reset user authentication failures information
Impact The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights as it should have. Note that being able to reset the authentication failure record mean that an attacker with script right might...
CVE-2021-32729
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script right...