325 matches found
CVE-2021-29725
CVE-2021-29725 affects IBM Secure External Authentication Server (versions 2.4.3.2, 6.0.1, 6.0.2) and IBM Secure Proxy (versions 3.4.3.2, 6.0.1, 6.0.2). The issue is a resource leak that could allow a remote attacker to exhaust resources and cause a denial of service. Connected IBM advisories ide...
CVE-2021-29725
IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...
PT-2021-18449 · Ibm · Ibm Secure Proxy +1
Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server version 6.0.2 IBM Secure Proxy version 6.0.2 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...
PT-2021-18433 · Ibm · Ibm Secure Proxy +1
Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server versions 2.4.3.2, 6.0.1, 6.0.2 IBM Secure Proxy versions 3.4.3.2, 6.0.1, 6.0.2 Description: The issue allows a remote user to consume resources, causing a denial of service due to a resource leak...
CVE-2020-14380
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...
Design/Logic Flaw
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...
PT-2021-9722 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions 6.7.2 and later Description: A flaw was discovered that allows an account takeover. An attacker with proper authentication to an external authentication source, such as SSO or Open ID, can claim the privileges of...
CVE-2021-32651
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The...
Insecure Access Control
The team sync HTTP API in Grafana Enterprise has an insecure Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can b...
CVE-2021-24166
The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...
Grafana 7.4.0-beta1 < 7.4.5 Access Control Bypass Vulnerability
Grafana is prone to an access control bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Grafana 6.1.0-beta1 - 7.4.3 Access Control Bypass Vulnerability
Grafana is prone to an access control bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
Design/Logic Flaw
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28147
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...
CVE-2021-28146
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team...
PT-2021-17773 · Grafana +2 · Grafana Enterprise +3
Name of the Vulnerable Software and Affected Versions: Grafana Enterprise versions 6.x through 6.7.5 Grafana Enterprise versions 7.x through 7.3.9 Grafana Enterprise versions 7.4.x through 7.4.4 Description: The team sync HTTP API in Grafana Enterprise presents an Incorrect Access Control issue. ...
PYSEC-2021-50
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...
PYSEC-2021-54
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...