1744 matches found

NVD
added 2022/08/23 10:15 a.m., 13 views

CVE-2022-1989

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users...

CVSS 5.3, EPSS 0.00693
Exploits: 0, References: 1
Prion
added 2022/08/23 10:15 a.m., 14 views

Information disclosure

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users...

CVSS 5, AI score 5.2, EPSS 0.00693
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2022/08/08 5:31 a.m., 25 views

CVE-2022-35929

A flaw was found in the cosign package. The cosign verify-attestation command used with the --type flag will report a false positive verification when there is at least one attestation with a valid signature and when there are no attestations of the type being verified; for example, --type defaults to...

CVSS 9.8, AI score 1.6, EPSS 0.0054
Exploits: 1, References: 4
ATTACKERKB
added 2022/08/03 2:00 p.m., 1 view

CVE-2022-35728

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...

CVSS 9.8, AI score 7.3, EPSS 0.00575
Exploits: 0, References: 2, Affected Software: 2
Fedora
added 2022/07/30 1:55 a.m., 11 views

[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-12.20210108git9767d20.fc36

Toml-test is a higher-order program that tests other TOML decoders or encoders. The goal is to make it comprehensive. Tests are divided into two groups: invalid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...

AI score 7.2
Exploits: 0
OSV
added 2022/07/20 10:26 a.m., 2 views

USN-5527-2 check-mk vulnerabilities

USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information...

CVSS 6.1, AI score 6.7, EPSS 0.12134
Exploits: 8, References: 5
Code423n4
added 2022/07/17 12:00 a.m., 13 views

Validation check for payFYToken and payBase functions to allow only valid users.

Lines of code. Vulnerability details. Impact: This will prevent the functions from being called by invalid users. Unnecessary condition verification. Proof of Concept. Tools Used: Manual code review. Recommended Mitigation Steps: At the start of the functions, add a validation check such that only the user who...

AI score 7.1
Exploits: 0
NVD
added 2022/07/06 2:15 p.m., 12 views

CVE-2022-23172

An attacker can access the "Forgot my password" button; as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This way you can verify which users are in the system and which are not...

CVSS 5.5, EPSS 0.00369
Exploits: 0, References: 1
Huntr
added 2022/07/05 9:46 a.m., 11 views

Password Reset Allows For User Email Enumeration

Description: The password reset function at the login page responds differently to valid and invalid emails in the application. Submitting an invalid email results in "The e-mail address is not assigned to any user account." A valid email results in a message stating an email has been sent. Proof of Concept...

AI score 0.7
Exploits: 0, References: 2
CNVD
added 2022/06/28 12:00 a.m., 17 views

MELAG FTP Server Authentication Error Vulnerability

MELAG FTP Server is an FTP server from the German company MELAG. Version 2.2.0.4 of MELAG FTP Server is vulnerable to an authentication error that stems from incomplete authentication checks. A remote attacker could exploit the vulnerability to access local files with a valid username...

CVSS 7.5, AI score 3.9, EPSS 0.0142
Exploits: 1, References: 1
ATTACKERKB
added 2022/06/26 1:17 p.m., 4 views

CVE-2022-23172

An attacker can access the "Forgot my password" button; as soon as he enters a user that is valid in the system, the system issues a message that a password reset email has been sent to the user. This way you can verify which users are in the system and which are not...

CVSS 5.5, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/06/24 12:15 p.m., 4 views

CVE-2021-41638

The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username...

CVSS 7.5, AI score 7.1, EPSS 0.0142
Exploits: 1, References: 1
OSV
added 2022/06/24 12:15 p.m., 2 views

CVE-2021-41634

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames...

CVSS 5.3, AI score 5.8, EPSS 0.00815
Exploits: 1, References: 1
ATTACKERKB
added 2022/06/23 5:15 p.m., 3 views

CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVSS 7.5, AI score 6.8, EPSS 0.01058
Exploits: 0, References: 2
Prion
added 2022/06/23 5:15 p.m., 29 views

Default credentials

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

CVSS 5, AI score 8.1, EPSS 0.01058
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2022/06/22 10:15 a.m., 17 views

CVE-2022-31248

An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1 and SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1; SUSE Manager Server 4.2 spacewalk-java...

CVSS 5.3, EPSS 0.00865
Exploits: 1, References: 1
OSV
added 2022/06/01 12:00 a.m., 1 view

UBUNTU-CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

CVSS 6.5, AI score 6.9, EPSS 0.0038
Exploits: 0, References: 4
OSV
added 2022/05/23 6:03 p.m., 1 view

CLSA-2022-1653329020 Fix CVE(s): CVE-2022-1629, CVE-2022-1616, CVE-2022-1620, CVE-2022-1621, CVE-2022-1619

SECURITY UPDATE: Going before the start of the command line
- debian/patches/CVE-2022-1619.patch: Check already being at the start of the command line
- CVE-2022-1619
SECURITY UPDATE: NULL pointer access when using invalid pattern
- debian/patches/CVE-2022-1620.patch: Check for failed regexp...

CVSS 7.8, AI score 7.3, EPSS 0.02615
Exploits: 5, References: 1
Malwarebytes
added 2022/05/19 11:58 a.m., 15 views

10 ways attackers gain access to networks

A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisations' networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: 1. Public facing...

AI score 7.8
Exploits: 0
Github Security Blog
added 2022/05/17 4:50 a.m., 33 views

Exposure of Sensitive Information to an Unauthorized Actor in JGroup

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive diagnostic information and execute arbitrary code by reusing valid credentials...

CVSS 5.4, AI score 6.7, EPSS 0.01607
Exploits: 0, References: 9, Affected Software: 1