Lucene search

1215 matches found

Tenable Nessus · added 2024/06/03 12:00 a.m. · 40 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - Apache Tomcat 5.5.0 through...

CVSS 7.5 · AI score 7.3 · EPSS 0.90641
Exploits 10 · References 3
OSV · added 2024/05/30 12:41 a.m. · 14 views

GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVSS 5.3 · AI score 6.3
Exploits 0 · References 5
Positive Technologies · added 2024/05/30 12:00 a.m. · 3 views

PT-2024-10558 · Symfony · Symfony Httpfoundation

Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.5.X Description: The issue arises when an application uses HTTP basic or digest authentication, and the Authorization header is not parsed properly by Symfony, potentially allowing...

CVSS 5.3 · AI score 7.6
Exploits 0 · References 6
OSV · added 2024/05/29 4:44 p.m. · 2 views

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication, API Key Authentication, JWT Authentication, OAuth Authentication, External / Third-Party Provider...

CVSS 9.8 · AI score 6.9 · EPSS 0.00583
Exploits 0 · References 1
Tenable Nessus · added 2024/04/27 12:00 a.m. · 33 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 · AI score 7.7 · EPSS 0.88646
Exploits 14 · References 25
Github Security Blog · added 2024/04/12 3:37 p.m. · 20 views

Apache Solr Operator liveness and readiness probes may leak basic auth credentials

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...

CVSS 6.5 · AI score 6.6 · EPSS 0.00044
Exploits 0 · References 4 · Affected Software 1
OSV · added 2024/04/12 3:15 p.m. · 2 views

CVE-2024-31391

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...

CVSS 6.5 · AI score 7.5
Exploits 0 · References 2
CNNVD · added 2024/04/12 12:00 a.m. · 2 views

Apache Solr Operator Log Information Disclosure Vulnerability

Apache Solr is a search server based on Lucene a full-text search engine from the Apache Foundation. The product supports hierarchical search, vertical search, highlighting of search results, and more. A log information disclosure vulnerability exists in Apache Solr Operator versions 0.3.0 throug...

CVSS 6.5 · AI score 6.4 · EPSS 0.00044
Exploits 0 · References 3
Tenable Nessus · added 2024/04/11 12:00 a.m. · 12 views

Schneider Electric Modicon M340 GoAhead Webserver Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-7937)

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. This plugin only works with Tenable.ot. Please visit...

CVSS 10 · AI score 6.3 · EPSS 0.025
Exploits 1 · References 4
OSV · added 2024/03/06 11:18 a.m. · 14 views

BIT-GITLAB-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

CVSS 9.8 · AI score 9.3 · EPSS 0.0006
Exploits 0 · References 3
Atlassian · added 2024/02/27 1:00 p.m. · 37 views

Login form doesn't get disabled when option is disabled from authentication methods

Issue Summary: When we remove the option to authenticate with username and password from the login form we could still use basic authentication to login. This is reproducible on Data Center: Yes. Steps to Reproduce: Step-1. Remove the option to authenticate with username and password from th...

AI score 7.5
Exploits 0
Tenable Nessus · added 2024/02/08 12:00 a.m. · 11 views

Mobotix S14 Camera Cleartext Transmission of Sensitive Information (CVE-2019-7675)

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...

CVSS 7.5 · AI score 7.4 · EPSS 0.00231
Exploits 1 · References 2
NVD · added 2024/01/10 9:15 p.m. · 10 views

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

CVSS 5.7 · AI score 5.8 · EPSS 0.00053
Exploits 0 · References 3
Prion · added 2024/01/10 9:15 p.m. · 19 views

Design/Logic Flaw

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

CVSS 1.8 · AI score 7.1 · EPSS 0.00053
Exploits 0 · References 3 · Affected Software 3
CVE · added 2024/01/10 8:24 p.m. · 45 views

CVE-2023-29447

CVE-2023-29447 concerns insufficiently protected credentials in PTC Kepware KepServerEX, where the web server uses basic authentication. The Red Hat/NVD entries confirm the vulnerability in KepServerEX and describe that an attacker could capture credentials, potentially enabling a MitM scen...

CVSS 5.7 · AI score 5.2 · EPSS 0.00053
Exploits 0 · References 3 · Affected Software 1
NVD · added 2023/12/03 7:15 p.m. · 10 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5 · EPSS 0.00052
Exploits 0 · References 2
OSV · added 2023/12/03 7:15 p.m. · 3 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5 · AI score 5.8 · EPSS 0.00052
Exploits 0 · References 2
ATTACKERKB · added 2023/12/03 7:15 p.m. · 1 view

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5 · AI score 7.1 · EPSS 0.00052
Exploits 0 · References 3
Prion · added 2023/12/03 7:15 p.m. · 11 views

Authentication flaw

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 5 · AI score 7.2 · EPSS 0.00052
Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2023/12/03 12:00 a.m. · 1 view

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in versions prior to Forgejo 1.20.5-1 that stems from allowing two-factor authentication bypass when docker login is used with basic authentication...

CVSS 7.5 · AI score 6.9 · EPSS 0.00052
Exploits 0 · References 2