69 matches found
CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
Unspecified Vulnerability in DUO Authentication Proxy
DUO Authentication Proxy is an application from DUO USA Inc. It is used for authentication proxies. A security vulnerability in the DUO Authentication Proxy installer prior to version 5.2.1, which stems from failure to properly validate a file installation path, can be exploited by an attacker to...
CVE-2021-1492
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
CVE-2021-1492
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
Authentication flaw
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
CVE-2021-1492 Duo Authentication Proxy Installer Denial of Service Vulnerability
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
CVE-2021-1492
The CVE-2021-1492 issue affects the Duo Authentication Proxy installer prior to version 5.2.1. The root cause is improper validation of file installation paths, allowing a local attacker to coerce the installer into writing to arbitrary privileged directories during new installations. Consequence...
CVE-2021-1492 Duo Authentication Proxy Installer Denial of Service Vulnerability
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo...
DUO Duo Authentication Proxy Security Vulnerability
DUO Authentication Proxy is an application from DUO USA Inc. It is used for authentication proxies. A security vulnerability in the DUO Authentication Proxy installer prior to version 5.2.1, which stems from failure to properly validate a file installation path, can be exploited by an attacker to...
RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2016:1605)
An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CVE-2015-0607
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a...
CVE-2015-0607
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a...
CVE-2015-0607
The CVE-2015-0607 issue affects Cisco IOS Authentication Proxy by mishandling unsupported AAA return codes from RADIUS/TACACS+ servers, enabling a remote attacker to bypass authentication (e.g., with a blank password). The root cause is improper processing of invalid AAA codes by the Authenticati...
Unspecified Vulnerability in Cisco IOS Authentication Proxy Function
Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Authentication Proxy feature of Cisco IOS, which stems from the program's failure to properly handle invalid Authentication, Authorization, and Accounting (AAA) return codes originati...
Cisco IOS Software Authentication Proxy Bypass Vulnerability
A vulnerability in the Authentication Proxy feature of Cisco IOS Software could allow a remote attacker to bypass the authentication. The vulnerability is due to the incorrect processing of unsupported Authentication, Authorization, and Accounting (AAA) return codes from the AAA feature by the...
CVE-2013-1150
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1....
CVE-2013-1150
CVE-2013-1150 affects Cisco ASA/ASA-enabled devices via the authentication-proxy component. The DoS flaw allows remote attackers to trigger a device reload with a crafted URL, impacting ASA software versions across multiple release trains: 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1–8.2 before 8.2...
CVE-2013-1150
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.2(5.10), 8.0 before 8.0(5.31), 8.1 and 8.2 before 8.2(5.38), 8.3 before 8.3(2.37), 8.4 before 8.4(5.3), 8.5 and 8.6 before 8.6(1.10), 8.7 before 8.7(1.4), 9.0 before 9.0(1.1), and 9.1 before 9.1(1....
PT-2013-2918 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances (ASA) devices with software versions prior to 7.2(5.10); Cisco Adaptive Security Appliances (ASA) devices with software versions 8.0 prior to 8.0(5.31); Cisco Adaptive Security Appliances (ASA) devices with software...
Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
This module exploits a stack buffer overflow in process bcaaa-130.exe (port 16102), which comes as part of the Blue Coat Authentication proxy. Please note that by default, this exploit will attempt up to three times in order to successfully gain remote code execution (in some cases, it takes as many...