33 matches found
Siemens Mendix 安全漏洞
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in Siemens Mendix Runtime, which stems from the affected application's authentication...
ROS-20240816-01
A vulnerability in the Portainer container management platform is related to a difference in authentication user authentication response time. Exploitation of the vulnerability could allow an attacker acting remotely to determine whether a username is valid or invalid. remotely, whether the...
UBUNTU-CVE-2024-42255
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL check in tpmbufcheckhmacresponse. Otherwise, unless tpm2sessionsinit was called, a call can cause NULL dereference, when TCGTPM2HMAC is...
GHSA-FJR2-R2MP-484P Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...
Design/Logic Flaw
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...
CVE-2021-36367
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...
PT-2021-4019 · Putty +1 · Putty +1
Name of the Vulnerable Software and Affected Versions: PuTTY versions through 0.75 Description: The issue is related to insufficient authentication data verification in the implementation of the SSH protocol in PuTTY. This can allow a remote attacker to gain unauthorized access to protected...
Broadcom: Stack buffer overflow when handling 802.11r (FT) authentication response (CVE-2017-6975)
Detailed analysis of reference : the https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html the first part https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi11.html Part II Broadcom produces the Wi-Fi HardMAC SoCs which are used to...
Authentication flaw
The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances ASA 5500 series devices, and the ASA Services Module ASASM in Cisco Catalyst 6500 series devices, with software 8.2 before 8.25.30 and 8.3 before 8.32.34 allows remote attackers to cause a denial of...
PT-2012-5529 · Cisco · Cisco Asa +2
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.2 before 8.25.30 Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.3 before 8.32.34 ASA Services Module ASASM in Cisco Catalyst 6500 series devices...
Check Point VPN-1 SecuRemote Flaw
Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...