131 matches found
CVE-2018-8635
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,...
DEBIAN-CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1)
SaltStack reports : Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost [email protected]. NOTE: this...
SaltStack Salt Denial of Service Vulnerability
SaltStack Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions , able to manage tens of thousands of servers , with the ability to quickly complete t...
Cross site request forgery (csrf)
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...
CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...
CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...
UBUNTU-CVE-2017-14696
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...
openSUSE Security Update : salt (openSUSE-2017-1182)
Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html for full changelog. Security issues fixed : - CVE-2017-14695: A directory traversal during minion id validation was fixed. boo1062462 -...
Soffid IAM console arbitrary code execution vulnerability
Soffid IAM console is a distributed Identity Manager console program that supports SQL-based and file-based authentication for both web and natively-based applications. A security vulnerability exists in Soffid IAM console version 1.7.4 and earlier. A remote attacker can exploit the vulnerability...
CVE-2017-6683
A vulnerability in the esclistener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More...
CVE-2017-9363
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...
CVE-2017-9363
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...
SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)
This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed : - CVE-2017-3308: Unspecified vulnerability in Server: DML bsc1034850 - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer bsc1034850 - CVE-2017-3329: Unspecified vulnerability in...
NetIQ Access Manager Cross-Site Scripting Vulnerability (CNVD-2017-06744)
NetIQ Access Manager provides a simple, secure, and scalable solution for handling Web access requirements. A cross-site scripting vulnerability exists in the AssertionConsumerServiceURL field of a signed AuthnRequest in the samlp:AuthnRequest document for NetIQ Access Manager. A remote attacker...
CVE-2017-5183
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document...
F5 Networks BIG-IP : TMM SSO plugin vulnerability (K95444512)
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider SP connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an...
Error: "An authentication request was made before establishing a web session"
When going through the NetScaler, the following error is seen in the Event Viewer: An authentication request was made before establishing a web session. This typically occurs when sticky load-balancing between client and StoreFront is misconfigured...
Medium: krb5
Issue Overview: A use-after-free flaw was found in the way the MIT Kerberos libgssapikrb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library libgssapi could call the gssprocesscontexttoken function and use this flaw to crash that...
Amazon Linux AMI : xorg-x11-server (ALAS-2015-470)
Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially...