
431 matches found

ATTACKERKB
added 2022/03/21 8:15 p.m. · 3 views

CVE-2021-46390

An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information...

7.2 CVSS · 6.7 AI score · 0.00483 EPSS
Exploits 1 · References 5
OSV
added 2022/03/21 8:15 p.m. · 2 views

CVE-2021-46390

An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information...

6.8 CVSS · 5.8 AI score · 0.00483 EPSS
Exploits 1 · References 4
CVE
added 2022/03/21 7:59 p.m. · 88 views

CVE-2021-46390

CVE-2021-46390 – Lexar_F35 v1.0.34 exhibits an access-control flaw in the authentication module of a Lexar USB flash drive. The vulnerability allows a local attacker with physical access to bypass password authentication by analyzing and manipulating the returned password verification/comparison ...

7.2 CVSS · 6.7 AI score · 0.00483 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2022/03/21 7:59 p.m. · 14 views

CVE-2021-46390

An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information...

6.9 AI score · 0.00483 EPSS
Exploits 1 · References 4
CNNVD
added 2022/03/21 12:00 a.m. · 3 views

Lexar_F35 authorization issue vulnerability

Lexar_F35 is a USB flash drive from Lexar Corporation. A security vulnerability exists in Lexar_F35 version 1.0.34, which originates from an access control issue in the authentication module. The vulnerability can be exploited by an attacker to access sensitive data and cause a denial of service Do...

7.2 CVSS · 6.7 AI score · 0.00483 EPSS
Exploits 1 · References 5
Positive Technologies
added 2022/03/11 12:00 a.m. · 2 views

PT-2022-13489 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5. Description: The issue concerns improper authorization handling in installations that use PAM as an authentication source. Expired PAM accounts and accounts with expired passwords continue to be seen as valid...

9.1 CVSS · 8.5 AI score · 0.01416 EPSS
Exploits 1 · References 13
Cvelist
added 2021/10/22 7:20 p.m. · 17 views

CVE-2020-23055

ANCOM WLAN Controller Wireless Series & Hotspot WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters...

5.6 AI score · 0.00551 EPSS
Exploits 1 · References 1
CNNVD
added 2021/10/18 12:00 a.m. · 3 views

Best Practical Request Tracker information disclosure vulnerability

Best Practical Request Tracker is an event tracking system written in Perl. An information disclosure vulnerability exists in Best Practical Request Tracker because the product does not securely manage the lib/RT/REST2/Middleware/Auth.pm file. An attacker can cause sensitive information to be...

7.5 CVSS · 7.2 AI score · 0.01707 EPSS
Exploits 0 · References 9
BDU FSTEC
added 2021/09/20 12:00 a.m. · 1 views

The vulnerability of the PAM-U2F authentication module stems from deficiencies in the authentication process. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the PAM-U2F authentication module is related to incorrect handling of NULL values. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

6.8 CVSS · 6.8 AI score · 0.00333 EPSS
Exploits 0 · References 5 · Affected Software 2
Tenable Nessus
added 2021/09/14 12:00 a.m. · 37 views

openSUSE 15 Security Update : apache2-mod_auth_openidc (openSUSE-SU-2021:3020-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3020-1 advisory. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party...

7.5 CVSS · 6.8 AI score · 0.02624 EPSS
Exploits 1 · References 13
NVD
added 2021/09/03 2:15 p.m. · 16 views

CVE-2021-39191

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to ...

6.1 CVSS · 0.01614 EPSS
Exploits 1 · References 7
CNNVD
added 2021/07/29 12:00 a.m. · 2 views

mod_auth_mellon input validation error vulnerability

mod_auth_mellon is an authentication module used in Apache. A security vulnerability exists in mod_auth_mellon. The vulnerability stems from mod_auth_mellon not properly clearing the logout URL, which can be exploited by an attacker to trick a user into visiting a spoofed trusted web application URL...

6.1 CVSS · 6.2 AI score · 0.00725 EPSS
Exploits 0 · References 15
OSV
added 2021/07/26 5:15 p.m. · 3 views

AZL-6482 CVE-2021-32792 affecting package httpd for versions less than 2.4.52-1

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability when using OIDCPreservePost ...

6.1 CVSS · 6.6 AI score · 0.0151 EPSS
Exploits 0 · References 1
OSV
added 2021/07/22 10:15 p.m. · 0 views

UBUNTU-CVE-2021-32786

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url() does not parse URLs the same way as most browsers...

6.1 CVSS · 6.5 AI score · 0.02345 EPSS
Exploits 1 · References 6
CNNVD
added 2021/07/22 12:00 a.m. · 2 views

mod_auth_openidc input validation error vulnerability

mod_auth_openidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. Previous versions of mod_auth_openidc were vulnerable to an input validation...

6.1 CVSS · 6.7 AI score · 0.02345 EPSS
Exploits 1 · References 14
Cvelist
added 2021/07/22 12:00 a.m. · 39 views

CVE-2021-32786 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, oidc_validate_redirect_url() does not parse URLs the same way as most browsers...

4.7 CVSS · 6.6 AI score · 0.02345 EPSS
Exploits 1 · References 9
Packet Storm
added 2021/06/22 12:00 a.m. · 487 views

Solaris SunSSH 11.0 Remote Root

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root (3). Exploit Author: Nathaniel Singer, Joe Rozner. Date: 09/11/2020. CVE: 2020-14871. Vulnerable Versions: Oracle Solaris: 9 (some releases), 10 (all releases), 11.0. Description: CVE-2020-14871 is a critical pre-authentication (via SSH) stack-based...

10 CVSS · 0.1 AI score · 0.80291 EPSS
Exploits 13
0day.today
added 2021/06/21 12:00 a.m. · 135 views

Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root (3). Exploit Author: Nathaniel Singer, Joe Rozner. CVE: 2020-14871. Vulnerable Versions: Oracle Solaris: 9 (some releases), 10 (all releases), 11.0. Description: CVE-2020-14871 is a critical pre-authentication (via SSH) stack-based buffer overflow...

10 CVSS · 9.6 AI score · 0.80291 EPSS
Exploits 13
Exploit DB
added 2021/06/21 12:00 a.m. · 423 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root (3). Exploit Author: Nathaniel Singer, Joe Rozner. Date: 09/11/2020. CVE: 2020-14871. Vulnerable Versions: Oracle Solaris: 9 (some releases), 10 (all releases), 11.0. Description: CVE-2020-14871 is a critical pre-authentication (via SSH) stack-based...

10 CVSS · 9.8 AI score · 0.80291 EPSS
Exploits 13
Debian
added 2021/06/16 4:28 a.m. · 49 views

[SECURITY] [DLA 2687-1] prosody security update

Debian LTS Advisory DLA-2687-1 · https://www.debian.org/lts/security/ · Anton Gladky · June 15, 2021 · https://wiki.debian.org/LTS -...

5.9 CVSS · 6.1 AI score · 0.02169 EPSS
Exploits 0