Lucene search
+L

160 matches found

Positive Technologies
Positive Technologies
added 2024/09/12 12:0 a.m.12 views

PT-2024-39226 · Unknown +2 · Msc800 Lft +2

Name of the Vulnerable Software and Affected Versions: MSC800 versions prior to V4.26 MSC800 LFT versions prior to S2.93.20 Description: A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET, which can lead to Denial of Service...

7.5CVSS7.2AI score0.00926EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.6 views

SICK MSC800 安全漏洞

The SICK MSC800 is a programmable logic controller PLC from SICK, Germany. A security vulnerability exists in the SICK MSC800 version 4.26 and SICK MSC800 LFT S version 2.93.20, which originates from a denial of service that allows an unauthenticated attacker to modify the IP address of the produ...

7.5CVSS6.7AI score0.00926EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/08/05 12:0 a.m.10 views

The vulnerability of the admin_compliance_framework function in the Group Namespace URL Handler component of the software platform based on Git, which allows a violator to modify the group’s URL address.

The vulnerability of the admincomplianceframework function in the Group Namespace URL Handler component of the software platform based on Git for collaborative code development in GitLab is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to modi...

6.8CVSS5.8AI score0.0042EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.5 views

PT-2024-37278 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in the LDAP testing endpoint allows an attacker with admin access to change the LDAP host URL to a machine they control, potentially leaking domain credentials. This can be achieved...

2.7CVSS6.4AI score0.00649EPSS
Exploits0References20
BDU FSTEC
BDU FSTEC
added 2024/04/12 12:0 a.m.6 views

The vulnerability of the implementations of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon allows attackers to circumvent security restrictions and gain access to user accounts.

The vulnerability of the implementation of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon is related to deficiencies in the authentication process due to changes in the email address during login to the system. Exploiting thi...

4.2CVSS5.5AI score0.00477EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/29 4:53 p.m.42 views

CVE-2023-51663 Hail authentication can be bypassed by changing email address

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

5.3CVSS5.3AI score0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/29 4:53 p.m.14 views

CVE-2023-51663 Hail authentication can be bypassed by changing email address

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

5.3CVSS5.1AI score0.00367EPSS
Exploits0References1
Prion
Prion
added 2023/08/04 12:15 a.m.17 views

Code injection

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...

7.5CVSS9.5AI score0.0034EPSS
Exploits0References2Affected Software1
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Admin user has an absolute power to withdraw all contract balance, which may raise red flags for investors

Lines of code Vulnerability details Impact Having rug-pull related code is always considered as a red flag for new investors. An admin, who's a single point of failure has access to withdraw function, which allows to withdraw the whole contract balance. Even if the owner is genuine the rug pull...

7.2AI score
Exploits0
OSV
OSV
added 2023/07/10 4:15 p.m.2 views

CVE-2023-3273

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control...

7.5CVSS5.8AI score0.01067EPSS
Exploits0References3
OSV
OSV
added 2023/04/10 9:15 p.m.5 views

CVE-2023-26466

A user with non-Admin access can change a configuration file on the client to modify the Server URL...

7.8CVSS7.2AI score0.00166EPSS
Exploits0References1
Virtuozzo
Virtuozzo
added 2023/02/14 12:0 a.m.33 views

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

0.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/12/28 3:30 p.m.21 views

usememos/memos Improper Access Control vulnerability

usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...

8.8CVSS8.4AI score0.00911EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/12/28 3:30 p.m.18 views

GHSA-6W5W-WX8W-2CQ9 usememos/memos Improper Access Control vulnerability

usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...

8.8CVSS8.4AI score0.00911EPSS
Exploits1References4
OSV
OSV
added 2022/12/08 10:15 p.m.5 views

CVE-2022-33186

A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...

9.8CVSS5.9AI score
Exploits0References1
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.13 views

Single-step process for critical ownership transfer/renounce is risky

Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.6 views

PT-2022-7651 · Siemens · Logo! 230Rce +7

Name of the Vulnerable Software and Affected Versions: LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 through 6ED1052-1MD08-0BA2 LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 through 6ED1052-2MD08-0BA2 LOGO! 230RCE versions 6ED1052-1FB08-0BA1 through 6ED1052-1FB08-0BA2 LOGO! 230RCEo versions...

7.8CVSS6.9AI score0.00866EPSS
Exploits0References9
Prion
Prion
added 2022/06/29 1:15 a.m.19 views

Default credentials

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address...

4CVSS4.8AI score0.02329EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/06/29 12:46 a.m.78 views

CVE-2022-31266

CVE-2022-31266 affects ILIAS up to version 7.10. The issue is a lack of verification when changing the email address on the Profile Page, which allows remote attackers to take over accounts. The vulnerability is documented across multiple sources (Red Hat, NVD, OSV, OpenVAS, CNNVD) with consisten...

7.5CVSS9.4AI score0.00821EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.4 views

Nagios XI 访问控制错误漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.8.5 and prior versions. An attacker can exploit the...

4.3CVSS5.2AI score0.02329EPSS
Exploits0References6
Rows per page
Query Builder