42 matches found
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...
GHSA-V5GJ-FX3G-HCPW SQL injection in Apache Submarine
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...
SQL injection in Apache Submarine
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...
CVE-2023-37924
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...
PT-2023-7514
Name of the Vulnerable Software and Affected Versions Keycloak version 22.0.5 Description A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the...
CVE-2023-26593
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...
CVE-2023-26593
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...
Privilege escalation
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...
Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information
Overview CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information CWE-312, CVE-2023-26593. Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an attacker who can...
Design/Logic Flaw
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266NONOSSDK devices through 3.0.3, and ESP8266RTOSSDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...
CVE-2020-12638
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266NONOSSDK devices through 3.0.3, and ESP8266RTOSSDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...
DEBIAN-CVE-2019-10064
hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...
February 12, 2019—KB4487017 (OS Build 17134.590)
February 12, 2019—KB4487017 OS Build 17134.590 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that fails to set the LmCompatibilityLevel value correctly...
Description of Windows Small Business Server 2008 Update Rollup 4
Description of Windows Small Business Server 2008 Update Rollup 4 INTRODUCTION Windows Small Business Server Windows SBS 2008 Update Rollup 4 is now available. This rollup package addresses the following issues in Windows SBS 2008. Issue 1 You may be unable to rename and to join a computer that i...
CVE-2017-5178
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...
CVE-2017-5178
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...
CVE-2017-5178
An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...
Description of Windows Small Business Server 2008 Update Rollup 6
Description of Windows Small Business Server 2008 Update Rollup 6 Summary Windows Small Business Server Windows SBS 2008 Update Rollup 6 is now available. This update addresses the following issues that were not previously documented in a Microsoft Knowledge Base KB article. Issue 1 A computer th...
Authentication Bypass
Overview Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation Update to version 5.1.2 or later. References - Issue 111 - PR 112 - GitHub Advisory...