Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-3153: [ovs-announce] [ADVISORY] CVE-2023-3153 OVN: Service monitor MAC flow is not rate limited

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE
Open in Source
#vulnerability#mac#red_hat#dos#git#perl#auth
CVE-2023-44208

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.

CVE-2023-3038: Multiple Vulnerabilities Helpdezk Community | INCIBE-CERT

SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.

CVE-2023-1584: Encrypt OIDC session cookie value by default by sberyozkin · Pull Request #32192 · quarkusio/quarkus

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.

CVE-2023-2422: cve-details

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.

CVE-2023-4997: Podatność w oprogramowaniu Uptime DC

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

CVE-2023-3701: Relative Path Traversal Aqua Esolutions | INCIBE-CERT

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.

CVE-2023-37995: WordPress WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

CVE-2023-25980: WordPress Optimize Database after Deleting Revisions plugin <= 5.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.