8 matches found
UBUNTU-CVE-2024-53861
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...
CVE-2019-1907
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2019-1907 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2019-1907 Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2011-1482
Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in mainfile.php in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add user accounts or 2 grant the administrative privilege to a user account, related to a...
DEBIAN-CVE-2010-1194
The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...