A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as anot...

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the chan...

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an un...

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are...

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift C...