8 matches found
Fortra GoAnywhere MFT - Authentication Bypass
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. id: CVE-2024-0204 info: name: Fortra GoAnywhere MFT - Authentication Bypass author: DhiyaneshDK severity: critical description: | Authentication bypas...
ROS-20260609-73-0010
The vulnerability of the ngxquicmodule module in NGINX Plus and NGINX Open Source web servers relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Security update for pam_pkcs11
This update for pampkcs11 fixes the following issues: CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058. Patch...
puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...
CVE-2024-45622
ASIS (Aplikasi Sistem Sekolah) built on CodeIgniter 3 versions 3.0.0–3.2.0 is affected by a SQL injection in the index.php handling of the username parameter, enabling an authentication bypass. The issue arises from improper handling of user input leading to unauthenticated access (CWE-89). The C...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio...
Authentication Bypass
gdm3 is vulnerable to timing attacks. The vulnerability exists through a race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication...
CVE-2018-21263
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response...