
431 matches found

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that stems from a privilege authentication vulnerability in the wpa_supplicant module. No detailed...

9.8 CVSS · 7 AI score · 0.0055 EPSS
Exploits 0 · References 3

RedHat Linux
added 2024/04/30 10:24 a.m. · 1 view

pam: allowing unprivileged user to block another user namespace

A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to log in as this user with pam_namespace configured will cause the openat() in protect_dir() to...

5.5 CVSS · 6.7 AI score · 0.00459 EPSS
Exploits 1 · References 5

BDU FSTEC
added 2024/04/10 12:0 a.m. · 1 view

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, mod_auth_openidc, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8 CVSS · 6.7 AI score · 0.0125 EPSS
Exploits 1 · References 11 · Affected Software 7

OSV
added 2024/01/16 8:15 a.m. · 3 views

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...

7.5 CVSS · 5.8 AI score · 0.0035 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/01/09 12:0 a.m. · 2 views

PT-2024-1375

Name of the Vulnerable Software and Affected Versions: linux-pam versions prior to 1.6.0 Description: The issue is related to the protect_dir function in the pam_namespace module of Linux-PAM, which is associated with incorrect resource cleanup or release. This can allow a remote attacker to cause ...

5.5 CVSS · 7 AI score · 0.00459 EPSS
Exploits 1 · References 82

Positive Technologies
added 2023/12/27 12:0 a.m. · 3 views

PT-2023-31876 · Unknown · Audiobookshelf

Name of the Vulnerable Software and Affected Versions: Audiobookshelf versions prior to 2.7.0 Description: Audiobookshelf is a self-hosted audiobook and podcast server. The issue is related to an unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been...

7.5 CVSS · 7.5 AI score · 0.00349 EPSS
Exploits 0 · References 9

Positive Technologies
added 2023/12/25 12:0 a.m. · 4 views

PT-2023-31169 · Wolters Kluwer · Wolters Kluwer B.Point

Name of the Vulnerable Software and Affected Versions: Wolters Kluwer B.POINT version 23.70.00 Description: The issue allows a validated system user to achieve remote code execution via Argument Injection in the server-to-server module during the authentication phase. Recommendations: For version...

7.2 CVSS · 7.6 AI score · 0.0096 EPSS
Exploits 0 · References 3

OSV
added 2023/11/08 1:47 p.m. · 2 views

USN-6474-1 xrdp vulnerabilities

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822 It was...

9.8 CVSS · 7 AI score · 0.00892 EPSS
Exploits 0 · References 14

RedHat Linux
added 2023/11/07 9:8 a.m. · 4 views

mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character

An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start...

6.1 CVSS · 5.8 AI score · 0.00897 EPSS
Exploits 0 · References 5

OSV
added 2023/11/03 5:15 a.m. · 1 view

CVE-2023-41348

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...

8.8 CVSS · 6 AI score · 0.01288 EPSS
Exploits 0 · References 1

Prion
added 2023/11/03 5:15 a.m. · 17 views

Command injection

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...

6.5 CVSS · 9 AI score · 0.01288 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/11/03 4:32 a.m. · 11 views

CVE-2023-41348 ASUS RT-AX55 - command injection - 4

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt th...

8.8 CVSS · 8.1 AI score · 0.01288 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/03 12:0 a.m. · 3 views

ASUS RT-AX55 Security Breach

The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering issue in the token-refresh module of authentication-related functions. An attacker can exploit this vulnerability to...

8.8 CVSS · 7 AI score · 0.01202 EPSS
Exploits 0 · References 2

CNNVD
added 2023/11/03 12:0 a.m. · 3 views

ASUS RT-AX55 Security Breach

The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from an insufficient special character filtering issue in the code-authentication module of the authentication-related functions. The vulnerability can be exploited ...

8.8 CVSS · 7 AI score · 0.01288 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/10/31 2:42 a.m. · 2 views

SUSE CVE-2017-6059

mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5 CVSS · 7.1 AI score · 0.05177 EPSS
Exploits 0 · References 2

OSV
added 2023/10/11 11:15 a.m. · 3 views

CVE-2023-44096

Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5 CVSS · 5.8 AI score · 0.00353 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/10/11 12:0 a.m. · 3 views

PT-2023-29107 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Device authentication module affected versions not specified Description: The issue concerns a vulnerability to brute-force attacks on the device authentication module. Successful exploitation may affect service confidentiality...

7.5 CVSS · 7.5 AI score · 0.00369 EPSS
Exploits 0 · References 5

OSV
added 2023/09/13 3:47 p.m. · 2 views

DRUPAL-CONTRIB-2023-045

This module enables users to log in by email address with minimal configurations. Drupal core contains protection against brute force attacks via a flood control mechanism. This module's functionality did not replicate the flood control, enabling brute force attacks...

6.7 AI score
Exploits 0 · References 1

RedHat Linux
added 2023/08/01 2:30 p.m. · 50 views

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

8.6 CVSS · 7.2 AI score · 0.00605 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2023/07/25 12:0 a.m. · 23 views

Cisco NX-OS Software NX-API Arbitrary Code Execution (CVE-2018-0301)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...

10 CVSS · 7.7 AI score · 0.1767 EPSS
Exploits 0 · References 4