9 matches found
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses...
Debian DLA-2773-1 : curl - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2773 advisory. Two issues have been found in curl, a command line tool and an easy-to-use client-side library for transferring data with URL syntax. CVE-2021-22946 Crafted answer...
CVE-2009-0368
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 69 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 69.0.3497.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Design/Logic Flaw
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process...
Authentication flaw
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization...
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
Dada Mail < 4.0.2 List Membership Requirement Bypass
Binary data 5294.prm...