4200 matches found

ATTACKERKB
added 2023/12/03 7:15 p.m., 3 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5, AI score 7.1, EPSS 0.00614
Exploits 0, References 3

Prion
added 2023/12/03 7:15 p.m., 13 views

Authentication flaw

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 5, AI score 7.2, EPSS 0.00614
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2023/12/03 12:0 a.m., 4 views

PT-2023-31418 · Docker +1 · Docker +1

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1. Description: The issue allows for 2FA bypass when docker login uses Basic Authentication. Recommendations: For versions prior to 1.20.5-1, update to version 1.20.5-1 or later to resolve the issue...

CVSS 7.5, AI score 7.5, EPSS 0.00614
Exploits 0, References 5

CVE
added 2023/12/03 12:0 a.m., 37 views

CVE-2023-49947

CVE-2023-49947 concerns Forgejo prior to 1.20.5-1, where using docker login with Basic Authentication enables a 2FA bypass. The core issue is a bypass of two-factor authentication when Basic Auth is used during Docker login. The CVE is reflected in multiple sources (NVD, Red Hat advisories, CVE l...

CVSS 7.5, AI score 7.5, EPSS 0.00614
Exploits 0, References 2, Affected Software 1

CNNVD
added 2023/12/03 12:0 a.m., 3 views

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in versions prior to Forgejo 1.20.5-1 that stems from allowing two-factor authentication bypass when docker login is used with basic authentication...

CVSS 7.5, AI score 6.9, EPSS 0.00614
Exploits 0, References 2

Cvelist
added 2023/12/03 12:0 a.m., 21 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

AI score 7.8, EPSS 0.00614
Exploits 0, References 2

GitLab Advisory Database
added 2023/12/03 12:0 a.m., 23 views

Incorrect Authorization

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

CVSS 7.5, AI score 6.9, EPSS 0.00614
Exploits 0, References 3, Affected Software 1

OSV
added 2023/11/30 11:15 p.m., 6 views

CVE-2023-46383

LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...

CVSS 7.5, AI score 5.9, EPSS 0.01444
Exploits 2, References 5

Positive Technologies
added 2023/11/30 12:0 a.m., 6 views

PT-2023-29992 · Loytec Electronics Gmbh · Linx Configurator

Name of the Vulnerable Software and Affected Versions: LOYTEC electronics GmbH LINX Configurator all versions. Description: The issue concerns the use of HTTP Basic Authentication in the LINX Configurator, which transmits usernames and passwords in base64-encoded cleartext. This allows remote...

CVSS 7.5, AI score 7.7, EPSS 0.01444
Exploits 2, References 8

Cvelist
added 2023/11/30 12:0 a.m., 36 views

CVE-2023-46383

LOYTEC electronics GmbH LINX Configurator all versions uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration...

AI score 8, EPSS 0.01444
Exploits 2, References 4

OSV
added 2023/11/29 6:15 a.m., 5 views

CVE-2023-45484

Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic...

CVSS 9.8, AI score 5.9, EPSS 0.00976
Exploits 1, References 2

0day.today
added 2023/11/28 12:0 a.m., 513 views

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets Vulnerability

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

CVSS 7.5, AI score 7.4, EPSS 0.01522
Exploits 2

Packet Storm
added 2023/11/28 12:0 a.m., 357 views

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

AI score 7.4, EPSS 0.01522
Exploits 2

Positive Technologies
added 2023/11/21 12:0 a.m., 6 views

PT-2023-9659 · Mendix · Mendix Runtime

Name of the Vulnerable Software and Affected Versions: Mendix Runtime V10 versions prior to V10.17.0; Mendix Runtime V10.12 versions prior to V10.12.11; Mendix Runtime V10.6 versions prior to V10.6.19; Mendix Runtime V8 versions prior to V8.18.33; Mendix Runtime V9 versions prior to V9.24.31...

CVSS 6.9, AI score 7.6, EPSS 0.0044
Exploits 0, References 8

Cvelist
added 2023/11/20 6:25 p.m., 32 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

CVSS 5.3, AI score 5.4, EPSS 0.007
Exploits 0, References 5

Vulnrichment
added 2023/11/20 6:25 p.m., 15 views

CVE-2023-48309 next-auth vulnerable to possible user mocking that bypasses basic authentication

NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth...

CVSS 5.3, AI score 6.6, EPSS 0.007
Exploits 0, References 5

OSV
added 2023/11/17 1:0 p.m., 6 views

OSV-2023-1174 Stack-buffer-overflow in std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64237 Crash type: Stack-buffer-overflow READ 5 Crash state: std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch pcpp::NtpLayer::getReferenceIdentifierString readParsedPacket...

AI score 7.2
Exploits 0, References 1

Positive Technologies
added 2023/11/15 12:0 a.m., 8 views

PT-2023-30527 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 11.1.1. Description: The issue allows backend users with basic permissions to execute arbitrary SQL statements by passing input directly into an SQL statement through the /admin/object/grid-proxy endpoint. This is due...

CVSS 8.8, AI score 9, EPSS 0.01218
Exploits 1, References 10

Positive Technologies
added 2023/11/14 12:0 a.m., 6 views

PT-2023-20279 · Intel · Intel Processors

Name of the Vulnerable Software and Affected Versions: Intel(R) Processors, affected versions not specified. Description: The issue is related to an out-of-bounds read in the BIOS firmware for some Intel(R) Processors. This may allow an authenticated user to potentially enable escalation of privilege v...

CVSS 8, AI score 7.6, EPSS 0.00403
Exploits 0, References 4

Positive Technologies
added 2023/11/14 12:0 a.m., 6 views

PT-2023-27005 · Ami · Ami Aptiov

Name of the Vulnerable Software and Affected Versions: AMI AptioV, affected versions not specified. Description: The issue is related to improper input validation in the BIOS of AMI AptioV, which can be exploited via the local network. A successful exploit may result in a loss of confidentiality,...

CVSS 7.8, AI score 7.2, EPSS 0.00206
Exploits 0, References 2