OET-213H-BTS1 missing authorization check in the initial configuration
OET-213H-BTS1 is a digital temperature measurement and face recognition terminal developed by Zhejiang Uniview Technologies Co., Ltd. and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure (CWE-1188): it does not perform an authorization check when...
uverif Security Vulnerabilities
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif version 2.0, which stems from a sensitive information disclosure vulnerability...
keycloak: Log Injection during WebAuthn authentication or registration
A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...
CVE-2023-45669
WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authenticator returns an incremented signature counter val...
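The entry above is truncated, so the page does not say exactly how webauthn4j-spring-security-core mishandled the counter. What a relying party is supposed to do with it is fixed by the WebAuthn specification (Level 2, section 7.2, step 21): read the 4-byte big-endian signCount from the authenticator data, skip the check only when both the received and the stored counter are zero, and otherwise accept the assertion only if the received value is strictly greater than the stored one, updating the stored value afterwards. The following added example (not webauthn4j code; `make_auth_data`, `StoredCredential` and the other names are hypothetical) implements that check and shows the two failure modes a wrong implementation would let through: a replayed assertion with an unchanged counter, and an authenticator that never increments.

```python
import struct
from dataclasses import dataclass

# Constructed authenticator data: the 37-byte fixed part of WebAuthn authData is
#   32-byte rpIdHash | 1-byte flags | 4-byte big-endian signCount
# The rpIdHash and flags values here are placeholders (hypothetical data).
def make_auth_data(sign_count: int, flags: int = 0x05) -> bytes:
    return b"\x11" * 32 + bytes([flags]) + struct.pack(">I", sign_count)

def parse_sign_count(auth_data: bytes) -> int:
    """Extract signCount from authData (bytes 33..36, big-endian uint32)."""
    if len(auth_data) < 37:
        raise ValueError("authData shorter than the 37-byte fixed header")
    return struct.unpack(">I", auth_data[33:37])[0]

@dataclass
class StoredCredential:
    credential_id: bytes
    sign_count: int  # last counter value accepted for this credential

class ClonedAuthenticatorError(Exception):
    """Counter did not advance: possible cloned authenticator or replayed assertion."""

def verify_and_update_sign_count(cred: StoredCredential, auth_data: bytes) -> int:
    received = parse_sign_count(auth_data)
    # Both zero: the authenticator does not implement a counter, nothing to compare.
    if received == 0 and cred.sign_count == 0:
        return cred.sign_count
    # The received value must be strictly greater than the stored one.  Accepting
    # "greater or equal", or storing the new value before comparing, would let a
    # replayed assertion or a clone that shares the same counter pass.
    if received <= cred.sign_count:
        raise ClonedAuthenticatorError(
            f"signCount {received} is not greater than stored {cred.sign_count}"
        )
    cred.sign_count = received
    return received
```

The order matters: compare first, persist second, and persist only the value that was actually verified. A relying party that raises an error on a counter regression should also treat it as a security event (credential flagged for review, not just a failed login), since the most likely explanation is that the private key exists in two places.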
A vulnerability in the WebAuthn authentication mechanism of the Keycloak identity and access management software allows an attacker to affect the integrity of protected information.
The vulnerability in the WebAuthn authentication mechanism of the Keycloak identity and access management software lies in improper neutralization of output written to registration logs. Exploiting this vulnerability could allow a malicious actor to affect the integrity of the protected informatio...
PT-2023-7514
Name of the Vulnerable Software and Affected Versions: Keycloak version 22.0.5. Description: A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the...
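The three Keycloak entries above (the log injection during WebAuthn authentication or registration) all describe the same pattern: a string the user controls is written into a log record unchanged, and a CR/LF inside it starts what looks like a second, forged record. The added example below is not Keycloak's code; the log format, the `PREFIX` string and the payload are constructed for illustration. It shows the vulnerable interpolation, the hardened version that escapes control characters, and how a downstream log consumer that splits on line breaks sees two records in the first case and one in the second.

```python
import re

# Constructed attacker input for the WebAuthn username field: a CR/LF followed by
# a line shaped like a genuine success record for another user (hypothetical data).
MALICIOUS_USERNAME = (
    "alice\r\n"
    "2023-10-18 12:00:01 INFO  [webauthn] registration succeeded user=admin"
)

# Hypothetical record prefix the application writes before the user-supplied value.
PREFIX = "2023-10-18 12:00:00 WARN  [webauthn] registration failed user="

def log_line_naive(username: str) -> str:
    """Vulnerable pattern: untrusted text is interpolated into the record unchanged."""
    return PREFIX + username

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def neutralize(value: str) -> str:
    """Escape CR, LF and every other control character as \\xNN so that one
    input value can only ever produce one log record."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)

def log_line_safe(username: str) -> str:
    """Hardened pattern: same record, input neutralized before interpolation."""
    return PREFIX + neutralize(username)

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (INFO|WARN|ERROR) ")

def parse_records(log_text: str) -> list:
    """What a log consumer (SIEM parser, grep, audit script) sees: the text split
    on line breaks, keeping lines that carry a timestamp and level prefix."""
    lines = log_text.replace("\r\n", "\n").split("\n")
    return [line for line in lines if RECORD_START.match(line)]
```

Escaping at the point of interpolation is the right place for the fix because the logger cannot know afterwards which newline was structural and which came from the user. Structured (JSON) logging with proper string encoding solves the same problem, and in both cases the parser side should alert on records whose prefix does not match the application's real format rather than silently accepting them.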
SUSE CVE-2023-5729
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...
Webauthn-Framework Authorization Issues Vulnerability
Webauthn-Framework is an authentication library used by web applications to create and use strong, proven, scoped, public-key based credentials for strong user authentication. An authorization issue vulnerability exists in Webauthn-Framework that stems from improper handling of...
PTC Kepware KEPServerEX Security Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and prior versions, which stems from the web server's use of basic authentication to protect user credentials, and can be...
CVE-2023-31424 Web authentication and authorization bypass
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...
SAMSUNG Members Security Breach
SAMSUNG Members is a community platform app from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Members version 14.0.07.1, which stems from an incorrect URL authentication vulnerability that could allow an attacker to access sensitive...
Rocket.Chat Authorization Issues Vulnerability (CNVD-2023-40581)
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an authorization issue vulnerability that stems from the fact that editing a message can change its original timestamp, causing the UI to display messages in the wrong order. An attacker could use this vulnerability to...
SUSE CVE-2014-3497
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...
SUSE CVE-2016-2313
authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...
SUSE CVE-2016-10700
authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...
SUSE CVE-2018-18820
A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...
SUSE CVE-2021-23972
One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...