431 matches found
CVE-2021-31408 Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Insecure Session Management
flow-server uses insecure session management. The server session is not invalidated when the logout helper method of the Authentication module is used via an HTTP GET request...
GHSA-6HGR-2G6Q-3RMC Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
GHSA-MR8H-J9CV-4M8H Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Authentication.logout helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the...
Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to induce a service failure.
The vulnerability of the MySQL Server component’s PAM Auth Plugin is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
Oracle MySQL Server Security Vulnerability
Oracle MySQL is an open source relational database management system. MySQL Server (mysqld) is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: PAM Auth Plugin component in Oracle MySQL Server 5.7.32 and...
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
Code injection
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
CVE-2020-14871
CVE-2020-14871 is a pre-authentication stack-based buffer overflow in the Solaris PAM library (parse_user_name) that can be triggered via SSH keyboard-interactive authentication. Affected: Oracle Solaris (versions including 10 and 11; some Solaris 9/11.0 configurations listed in sources). Root ca...
Oracle Solaris Critical Patch Update : oct2020_SRU11_4_24_75_2
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon t...
Oracle Solaris Critical Patch Update : oct2020_SRU11_3_36_23_0
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows...
PT-2020-4751 · Oracle · Oracle Solaris
Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11 Description: The issue is related to a buffer overflow vulnerability in the Pluggable authentication module of Oracle Solaris, which can be exploited by an unauthenticated attacker with network access via...
The vulnerability of the SSOAuth software process of the Senstar Symphony video surveillance management platform allows an intruder to execute arbitrary code.
The vulnerability of the SSOAuth software component in the Senstar Symphony video surveillance management platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
SUSE-SU-2020:2648-1 Security update for SUSE Manager 3.2
This update for SUSE Manager 3.2 fixes the following issues: salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form bsc1175884, CVE-2020-8028 spacewalk-java: - Use the Salt API in authenticated and...
SUSE-SU-2020:2647-1 Security update for SUSE Manager 4.1
This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages...
UBUNTU-CVE-2020-25269
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...
pam_tacplus Log Message Disclosure Vulnerability
pam_tacplus is a PAM module for authenticating users via TACACS+ (Terminal Access Controller Access Control System) by Paweł Krawczyk, a software developer in the UK. A log information disclosure vulnerability exists in the support.c file in pam_tacplus versions 1.3.8 through 1.5.1, which can be...
Linux: SSH UsePAM
UsePAM Enables the Pluggable Authentication Module interface. If set to SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...