12 matches found
CVE-2025-47889
In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist...
Apache Tomcat 9.0.0.M1 < 9.0.46
The version of Tomcat installed on the remote host is prior to 9.0.46. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.46_security-9 advisory. - A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a val...
Mozilla Firefox Code Execution Vulnerability (CNVD-2024-37193)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability: if a JavaScript realm is being initialized when garbage collection begins, it could lead to a use-after-free...
Design/Logic Flaw
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
A vulnerability in the Realm implementation of the Apache Tomcat application server, related to information disclosure through discrepancies, allows attackers to determine all existing user names.
This vulnerability in the Realm implementation of the Apache Tomcat application server is related to the exposure of information through discrepancies. Exploiting it allows a remote attacker to discover all existing user names...
GHSA-WXCP-F2C8-X6XV Observable Discrepancy in Apache Tomcat
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...
PT-2021-3584
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.65; Apache Tomcat versions 9.0.0.M1 through 9.0.45; Apache Tomcat versions 10.0.0-M1 through 10.0.5. Description: A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using...
Gentoo Security Advisory GLSA 200404-09 (heimdal)
The remote host is missing updates announced in advisory GLSA 200404-09. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian Security Advisory DSA 476-1 (heimdal)
The remote host is missing an update to heimdal announced via advisory DSA 476-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 476-1] New heimdal packages fix cross-realm vulnerability
Debian Security Advisory DSA 476-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 6th, 2004 http://www.debian.org/security/faq ...
[SECURITY] [DSA 476-1] New heimdal packages fix cross-realm vulnerability
Debian Security Advisory DSA 476-1 [email protected] http://www.debian.org/security/ Matt Zimmerman April 6th, 2004 http://www.debian.org/security/faq ...
DSA-476 heimdal - cross-realm
Bulletin has no description...