34 matches found
Design/Logic Flaw
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...
VulnCheck KEV: CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...
CVE-2023-22620
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...
SUSE CVE-2010-0283
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service assertion failure and daemon crash via an invalid 1 AS-REQ or 2 TGS-REQ request...
SUSE CVE-2011-1720
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...
CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...
Design/Logic Flaw
The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
Design/Logic Flaw
The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...
CVE-2019-9496 An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...
CVE-2019-9496
An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...
DEBIAN-CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...