221 matches found

CNNVD
added 2024/10/25 12:0 a.m. · 3 views

Sharp MFP Security Vulnerability

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from incorrect handling of HTTP authentication requests, resulting in an authentication bypass vulnerability...

9.8 CVSS · 9.2 AI score · 0.00599 EPSS
Exploits 0 · References 3

The Hacker News
added 2024/10/24 12:41 p.m. · 35 views

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of...

9.9 CVSS · 8.7 AI score · 0.15953 EPSS
Exploits 0

NVD
added 2024/10/23 6:15 p.m. · 24 views

CVE-2024-20481

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource...

5.8 CVSS · 0.15953 EPSS
Exploits 0 · References 2

OSV
added 2024/10/23 6:15 p.m. · 3 views

CVE-2024-20481

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource...

5.8 CVSS · 5.8 AI score · 0.15953 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2024/10/23 12:0 a.m. · 17 views

CVE-2024-20481

A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource...

5.8 CVSS · 7.6 AI score · 0.15953 EPSS
In wild · Exploits 0 · References 2

OSV
added 2024/10/03 7:15 p.m. · 5 views

CVE-2024-41589

DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests...

8.8 CVSS · 5.8 AI score · 0.00322 EPSS
Exploits 0 · References 2

The Hacker News
added 2024/08/20 5:27 a.m. · 18 views

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitiv...

6.7 AI score
Exploits 0

wpexploit
added 2023/09/25 12:0 a.m. · 112 views

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

Description: The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. This requires the plugin's Log Authentication Requests setting to be set...

7.5 CVSS · 7.7 AI score · 0.25855 EPSS
Exploits 2

BDU FSTEC
added 2023/09/08 12:0 a.m. · 6 views

The vulnerability of the RADIUS protocol implementation (Remote Authentication in Dial-In User Service) of the Cisco Identity Services Engine (ISE) allows a perpetrator to cause service interruptions.

The vulnerability of the RADIUS protocol (Remote Authentication in Dial-In User Service) implementation of the Cisco Identity Services Engine (ISE) is related to errors in processing requests. Exploiting this vulnerability allows a malicious actor to cause service denial by sending a specially crafte...

8.6 CVSS · 7.8 AI score · 0.00758 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/04/11 4:6 p.m. · 42 views

CVE-2022-41331

A missing authentication for critical function vulnerability (CWE-306) in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...

9.8 CVSS · 9.7 AI score · 0.01275 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 4:17 a.m. · 3 views

SUSE CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...

7.4 CVSS · 7.5 AI score · 0.10114 EPSS
Exploits 1 · References 9

NVD
added 2023/02/03 10:15 p.m. · 30 views

CVE-2023-22746

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6 CVSS · 8.7 AI score · 0.00693 EPSS
Exploits 0 · References 3

Cvelist
added 2023/02/03 9:7 p.m. · 30 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6 CVSS · 8.9 AI score · 0.00693 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/02/03 9:7 p.m. · 7 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6 CVSS · 8.9 AI score · 0.00693 EPSS
Exploits 0 · References 3

OSV
added 2023/02/03 9:7 p.m. · 42 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6 CVSS · 7.5 AI score · 0.00693 EPSS
Exploits 0 · References 5

OSV
added 2022/11/04 4:15 p.m. · 3 views

CVE-2022-27893

The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0...

4.2 CVSS · 5.7 AI score · 0.00197 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/11/04 12:0 a.m. · 7 views

PT-2022-18672 · Osisoft · Osisoft-Pi-Web-Connector

Name of the Vulnerable Software and Affected Versions: osisoft-pi-web-connector versions 0.15.0 through 0.43.0
Description: The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests.
Recommendations: For osisoft-pi-web-connector...

4.2 CVSS · 4.5 AI score · 0.00197 EPSS
Exploits 0 · References 3

Veracode
added 2022/05/26 6:10 a.m. · 25 views

Authentication Bypass

github.com/pingcap/tidb is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly restrict the access path, allowing an attacker to bypass the authentication process by providing malicious authentication requests, resulting in privilege escalation or...

7.8 CVSS · 7.7 AI score · 0.00311 EPSS
Exploits 0 · References 4 · Affected Software 1

CNVD
added 2022/02/28 12:0 a.m. · 16 views

Dell Vnx2 Oe For File Security Feature Issue Vulnerability

Dell Vnx2 Oe For File is an operating environment from Dell USA. A security signature issue vulnerability exists in Dell Vnx2 Oe For File that originates from an error in the processing of authentication requests. A remote attacker could use this vulnerability to bypass the authentication process...

9.8 CVSS · 9.8 AI score · 0.0156 EPSS
Exploits 0 · References 1

Cvelist
added 2022/02/21 12:0 a.m. · 20 views

CVE-2022-0564 Qlik Sense Enterprise Domain User enumeration

A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time...

5.3 CVSS · 5.6 AI score · 0.01356 EPSS
Exploits 0 · References 3