820 matches found

Tenable Nessus
added 2022/08/10 12:0 a.m. | 34 views

GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability

The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...

CVSS 6.8 | AI score 6.9 | EPSS 0.00333
Exploits 0 | References 3
CVE
added 2022/08/09 8:12 p.m. | 58 views

CVE-2022-35290

CVE-2022-35290 corresponds to an information-disclosure issue in SAP Authenticator for Android. The available documents consistently describe that under certain conditions an attacker could access information that should be restricted. The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH), wit...

CVSS 7.5 | AI score 7.2 | EPSS 0.00653
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2022/08/09 8:12 p.m. | 1 view

CVE-2022-35290

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...

AI score 5.8 | EPSS 0.00653
Exploits 0 | References 2
Cvelist
added 2022/08/09 8:12 p.m. | 25 views

CVE-2022-35290

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted...

AI score 7.5 | EPSS 0.00653
Exploits 0 | References 2
CNNVD
added 2022/08/09 12:0 a.m. | 2 views

SAP Authenticator Information Disclosure Vulnerability

SAP Authenticator is a mobile application from SAP Germany that generates passwords for systems that require one-time password authentication. SAP Authenticator suffers from an information disclosure vulnerability. No information about this vulnerability is available at this time, so please stay...

CVSS 7.5 | AI score 7.3 | EPSS 0.00653
Exploits 0 | References 4
CNNVD
added 2022/08/06 12:0 a.m. | 20 views

WordPress Plugin Google Authenticator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.5 | AI score 6.8 | EPSS 0.00543
Exploits 0 | References 3
OpenVAS
added 2022/08/01 12:0 a.m. | 17 views

Fedora: Security Advisory for golang-sigs-k8s-aws-iam-authenticator (FEDORA-2022-5038c3236c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 | AI score 8.9 | EPSS 0.05292
Exploits 4 | References 2
OpenVAS
added 2022/08/01 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2022:2583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.0084
Exploits 0 | References 2
Fedora
added 2022/07/31 1:37 a.m. | 26 views

[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project receives contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers...

CVSS 9.3 | AI score 8.7 | EPSS 0.05994
Exploits 4
OpenVAS
added 2022/07/30 12:0 a.m. | 20 views

openSUSE: Security Advisory for aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.4 | EPSS 0.0084
Exploits 0 | References 2
Tenable Nessus
added 2022/07/30 12:0 a.m. | 27 views

SUSE SLES15 Security Update : aws-iam-authenticator (SUSE-SU-2022:2583-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2583-1 advisory. - A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and...

CVSS 8.8 | AI score 7.8 | EPSS 0.0084
Exploits 0 | References 4
OSV
added 2022/07/29 8:42 a.m. | 5 views

SUSE-SU-2022:2583-1 Security update for aws-iam-authenticator

This update for aws-iam-authenticator fixes the following issues: - CVE-2022-2385: Fixed AccessKeyID validation bypass bsc1201395...

CVSS 8.8 | AI score 8.8 | EPSS 0.0084
Exploits 0 | References 3
OSV
added 2022/07/19 3:15 p.m. | 4 views

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 8.8 | AI score 5.9 | EPSS 0.00696
Exploits 0 | References 1
NVD
added 2022/07/19 3:15 p.m. | 31 views

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 8.8 | EPSS 0.00696
Exploits 0 | References 1
Prion
added 2022/07/19 3:15 p.m. | 19 views

Code injection

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 6.5 | AI score 8.2 | EPSS 0.00696
Exploits 0 | References 1 | Affected Software 1
CVE
added 2022/07/19 2:7 p.m. | 63 views

CVE-2022-2193

HYPR Server contains an Insecure Direct Object Reference (IDOR) in the Device Manager page. Remote authenticated attackers can tamper parameters to add a FIDO2 authenticator to arbitrary accounts. Affected: HYPR Server versions prior to 6.14.1. Remediation: upgrade to 6.14.1 or later.

CVSS 8.8 | AI score 8.2 | EPSS 0.00696
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/07/19 2:7 p.m. | 35 views

CVE-2022-2193

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1...

CVSS 7.5 | AI score 8.5 | EPSS 0.00696
Exploits 0 | References 1
CNNVD
added 2022/07/19 12:0 a.m. | 3 views

HYPR Server Security Vulnerability

HYPR Server is a server from HYPR, Inc. A security vulnerability exists in HYPR Server versions prior to 6.14.1 that stems from an insecure direct object reference vulnerability that allows remote authenticated attackers to tamper with parameters in the Device Manager page that would add a FIDO2...

CVSS 8.8 | AI score 8.1 | EPSS 0.00696
Exploits 0 | References 2
OSV
added 2022/07/18 5:15 p.m. | 1 view

CVE-2022-22304

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 1
ATTACKERKB
added 2022/07/18 5:15 p.m. | 5 views

CVE-2022-22304

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests...

CVSS 6.1 | AI score 6.4 | EPSS 0.00495
Exploits 0 | References 2