EUVD-2024-51504

Malicious code in bioql PyPI...

EUVD-2021-30241

Malicious code in bioql PyPI...

CVE-2024-13291

CVE-2024-13291 concerns Drupal’s Basic HTTP Authentication module. Affected versions are 7.X-1.0 through 7.X-1.3 (and 7.X-1.0 to 7.X-1.3 per PT-2024-10484) with the issue arising from insufficient authorization, enabling forceful browsing (an access-bypass scenario). The vulnerability is fixed in...

CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...

CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...

GHSA-R3FQ-CMMW-CPMM Containous Traefik Exposes Password Hashes

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control which is contrary to the API documentation, allows remote authenticated users to discover password hashes by reading the Basic HTT...

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...

lighttpd -- Log injection vulnerability in mod_auth

MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...