Lucene search

1240 matches found

Tenable Nessus
added 2024/04/27 12:0 a.m., 34 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8 CVSS, 7.7 AI score, 0.73927 EPSS
Exploits 14, References 25

Github Security Blog
added 2024/04/12 3:37 p.m., 21 views

Apache Solr Operator liveness and readiness probes may leak basic auth credentials

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...

6.5 CVSS, 6.6 AI score, 0.00847 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2024/04/12 3:15 p.m., 3 views

CVE-2024-31391

Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for...

6.5 CVSS, 7.5 AI score
Exploits 0, References 2

CNNVD
added 2024/04/12 12:0 a.m., 2 views

Apache Solr Operator Log Information Disclosure Vulnerability

Apache Solr is a search server based on Lucene a full-text search engine from the Apache Foundation. The product supports hierarchical search, vertical search, highlighting of search results, and more. A log information disclosure vulnerability exists in Apache Solr Operator versions 0.3.0 throug...

6.5 CVSS, 6.4 AI score, 0.00847 EPSS
Exploits 0, References 3

Tenable Nessus
added 2024/04/11 12:0 a.m., 13 views

Schneider Electric Modicon M340 GoAhead Webserver Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2015-7937)

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. This plugin only works with Tenable.ot. Please visit...

10 CVSS, 6.3 AI score, 0.07351 EPSS
Exploits 1, References 4

OSV
added 2024/03/06 11:18 a.m., 17 views

BIT-GITLAB-2021-39890

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...

9.8 CVSS, 9.3 AI score, 0.00953 EPSS
Exploits 0, References 3

Atlassian
added 2024/02/27 1:0 p.m., 38 views

Login form doesn't get disabled when option is disabled from authentication methods

h3. Issue Summary When we remove the option to authenticate with username and password from the login form we could still use basic authentication to login. This is reproducible on Data Center: Yes h3. Steps to Reproduce Step-1. Remove the option to authenticate with username and password from th...

7.5 AI score
Exploits 0

Tenable Nessus
added 2024/02/08 12:0 a.m., 12 views

Mobotix S14 Camera Cleartext Transmission of Sensitive Information (CVE-2019-7675)

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...

7.5 CVSS, 7.4 AI score, 0.01057 EPSS
Exploits 1, References 2

NVD
added 2024/01/10 9:15 p.m., 35 views

CVE-2023-29447

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

5.7 CVSS, 5.8 AI score, 0.00306 EPSS
Exploits 0, References 3

Prion
added 2024/01/10 9:15 p.m., 21 views

Design/Logic Flaw

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...

1.8 CVSS, 7.1 AI score, 0.00306 EPSS
Exploits 0, References 3, Affected Software 3

CVE
added 2024/01/10 8:24 p.m., 50 views

CVE-2023-29447

CVE-2023-29447 concerns an insubstantial protection of credentials in PTC Kepware KepServerEX, where the web server uses basic authentication. The Red Hat/NVD entries confirm the vulnerability in KepServerEX and describe that an attacker could capture credentials, potentially enabling a MitM scen...

5.7 CVSS, 5.2 AI score, 0.00306 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2023/12/03 7:15 p.m., 3 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.5 CVSS, 5.8 AI score, 0.00614 EPSS
Exploits 0, References 2

ATTACKERKB
added 2023/12/03 7:15 p.m., 2 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.5 CVSS, 7.1 AI score, 0.00614 EPSS
Exploits 0, References 3

NVD
added 2023/12/03 7:15 p.m., 11 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.5 CVSS, 0.00614 EPSS
Exploits 0, References 2

Prion
added 2023/12/03 7:15 p.m., 12 views

Authentication flaw

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

5 CVSS, 7.2 AI score, 0.00614 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2023/12/03 12:0 a.m., 2 views

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in versions prior to Forgejo 1.20.5-1 that stems from allowing two-factor authentication bypass when docker login is used with basic authentication...

7.5 CVSS, 6.9 AI score, 0.00614 EPSS
Exploits 0, References 2

Positive Technologies
added 2023/12/03 12:0 a.m., 2 views

PT-2023-31418 · Docker +1

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows for 2FA bypass when docker login uses Basic Authentication. Recommendations: For versions prior to 1.20.5-1, update to version 1.20.5-1 or later to resolve the issue...

7.5 CVSS, 7.5 AI score, 0.00614 EPSS
Exploits 0, References 5

CVE
added 2023/12/03 12:0 a.m., 37 views

CVE-2023-49947

CVE-2023-49947 concerns Forgejo prior to 1.20.5-1, where using docker login with Basic Authentication enables a 2FA bypass. The core issue is a bypass of two-factor authentication when Basic Auth is used during Docker login. The CVE is reflected in multiple sources (NVD, Red Hat advisories, CVE l...

7.5 CVSS, 7.5 AI score, 0.00614 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/12/03 12:0 a.m., 18 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.8 AI score, 0.00614 EPSS
Exploits 0, References 2

GitLab Advisory Database
added 2023/12/03 12:0 a.m., 20 views

Incorrect Authorization

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.5 CVSS, 6.9 AI score, 0.00614 EPSS
Exploits 0, References 3, Affected Software 1