13 matches found
CLSA-2026-1779368985 opensc: Fix of CVE-2023-40660
CVE-2023-40660: fix potential PIN bypass when card tracks its own login state...
CVE-2026-33935
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
CVE-2026-33935
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
CVE-2026-33935
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
CVE-2026-33935
CVE-2026-33935 (MyTube) : The self-hosted MyTube app allows three publicly accessible password-verification endpoints that share a single file-backed login state (login-attempts.json). When a failed attempt is recorded via recordFailedAttempt(), the global failedAttempts counter and cooldown time...
CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State
MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
Opensc: potential pin bypass when card tracks its own login state
...
OpenSC: Potential PIN bypass when card tracks its own login state
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
OpenSC: Potential PIN bypass when card tracks its own login state
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
CVE-2023-40660 Opensc: potential pin bypass when card tracks its own login state
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...
OESA-2023-1767 opensc security update
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...
CVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...