19 matches found
Apache ActiveMQ < 5.19.2 / 6.0.x < 6.1.9 / 6.2.0 MQTT Control Packet Validation Vulnerability (CVE-2025-66168)
The version of Apache ActiveMQ running on the remote host is prior to 5.19.2, 6.0.x prior to 6.1.9, or 6.2.0. It is, therefore, affected by a vulnerability: Apache ActiveMQ does not properly validate the remaining length field in MQTT control packets, which may lead to an integer overflow during...
EUVD-2023-47957
Malicious code in bioql PyPI...
PT-2025-26641 · Texas Instruments · Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK
Name of the Vulnerable Software and Affected Versions: Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK version 7.41.00.17. Description: An issue in the Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK allows attackers to cause a Denial of Service (DoS) via sending a crafted LL...
TheGreenBow Windows Certified VPN Client Security Vulnerability
TheGreenBow Windows Certified VPN Client is a client VPN from TheGreenBow. A security vulnerability exists in TheGreenBow Windows Certified VPN Client. A remote attacker could exploit the vulnerability to execute arbitrary code via the IKEv2 authentication phase...
PT-2024-31747 · TheGreenBow · TheGreenBow Windows Standard VPN Client +4
Name of the Vulnerable Software and Affected Versions: TheGreenBow Windows Standard VPN Client versions 6.87.108 and older; TheGreenBow Windows Enterprise VPN Client versions 6.87.109 and older; TheGreenBow Windows Enterprise VPN Client versions 7.5.007 and older; TheGreenBow Android VPN Client...
CVE-2023-49328
On a Wolters Kluwer B.POINT 23.70.00 server running Linux on premises, during the authentication phase, a validated system user can achieve remote code execution via Argument Injection in the server-to-server module...
Symfony Security Vulnerabilities
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from a user identifier not changing between the authentication phase and a successful login...
GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
PT-2021-12032 · OpenVPN · OpenVPN Access Server
Name of the Vulnerable Software and Affected Versions: OpenVPN Access Server versions 2.7.3 through 2.8.7. Description: The issue allows remote attackers to trigger an assert during the user authentication phase. This occurs when incorrect authentication token data is provided in an early phase of...
CVE-2019-7218
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's OTP physical token or virtual app like Google Authenticator is able to bypass the first authentication phase (username/password mechanism) an...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
httpd: ap_get_basic_auth_pw() authentication bypass
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...
ALPINE-CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...
Apache Httpd < 2.2.34 : ap_get_basic_auth_pw() Authentication Bypass
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy...
Server: multiple memory leaks
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search...
H-Sphere WebShell 2.4 - Remote Command Execution
Source: https://www.securityfocus.com/bid/6527/info
A vulnerability has been discovered in H-Sphere Webshell. During the pre-authentication phase, Webshell fails to perform sufficient bounds checking on user-supplied HTTP parameters. As a result, a malicious attacker may be able to trigger a...