Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site.
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation I...
In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signa...
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report fun...
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate cha...
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...