Lucene search
+L

82 matches found

osv
osv
added 2019/04/22 11:29 a.m.26 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS8.3AI score
Exploits0References11
debiancve
debiancve
added 2019/04/21 4:36 p.m.24 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS8.6AI score0.07624EPSS
Exploits0
alpinelinux
alpinelinux
added 2019/04/21 4:36 p.m.47 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS8.5AI score0.07624EPSS
Exploits0
osv
osv
added 2019/04/16 12:0 a.m.2 views

UBUNTU-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS7AI score0.07624EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2019/04/16 12:0 a.m.28 views

CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS6.9AI score0.07624EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2017/12/01 12:0 a.m.7 views

PT-2017-14151 · Apache · Apache Qpid Broker-J

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker-J versions 0.18 through 0.32 Description: The issue allows a remote unauthenticated attacker to trick the broker into using an authentication provider configured on a different port when connecting to an HTTP port. This...

9.8CVSS6.7AI score0.06214EPSS
Exploits0References10
osv
osv
added 2017/04/02 1:59 a.m.1 views

CVE-2017-2389

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site...

8.1CVSS7.3AI score0.01763EPSS
Exploits0References4
attackerkb
attackerkb
added 2017/02/20 8:59 a.m.3 views

CVE-2016-7579

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and...

5.9CVSS5.6AI score0.01838EPSS
Exploits0References6
prion
prion
added 2017/01/18 5:59 p.m.19 views

Code injection

The mauthenticate function in modules/msasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter...

6.8CVSS7AI score0.01281EPSS
Exploits0References5Affected Software1
openvas
openvas
added 2017/01/16 12:0 a.m.44 views

InspIRCd < 2.0.23 'm_sasl' Module SASL_EXTERNAL Authentication Spoofing Vulnerability

InspIRCd is prone to an authentication spoofing vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

5.9CVSS5.8AI score0.0108EPSS
Exploits0References3
nvd
nvd
added 2016/05/09 10:59 a.m.19 views

CVE-2016-2462

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...

7.6CVSS6.8AI score0.00391EPSS
Exploits0References2
nvd
nvd
added 2016/05/09 10:59 a.m.20 views

CVE-2016-2461

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...

7.6CVSS6.9AI score0.00455EPSS
Exploits0References3
prion
prion
added 2016/05/09 10:59 a.m.20 views

Design/Logic Flaw

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681...

7.6CVSS7.3AI score0.00455EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2016/05/09 10:0 a.m.24 views

CVE-2016-2462

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data AAD array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173...

6.9AI score0.00391EPSS
Exploits0References2
cve
cve
added 2016/05/09 10:0 a.m.51 views

CVE-2016-2461

CVE-2016-2461 affects OpenSSLCipher.java in Conscrypt on Android 6.x. The issue arises from mishandling resets of the AAD array, allowing a local attacker to spoof message authentication via unspecified vectors (internal bugs 27324690, 27696681). The vulnerability is tied to Conscrypt in the Andr...

7.6CVSS7.1AI score0.00455EPSS
Exploits0References3Affected Software1
cnvd
cnvd
added 2015/01/15 12:0 a.m.5 views

Cisco AnyConnect Secure Mobility Client Identity Spoofing Vulnerability

Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. An identity spoofing vulnerability exists in the Cisco AnyConnect Secure Mobility Client, which allows remote attackers to spoof forms of authentication and capture credentials via unspecified vectors...

5CVSS7.1AI score0.01086EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.131 views

PHP-Fusion 7.02.05 SQL Injection

SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...

0.5AI score
Exploits0
packetstorm
packetstorm
added 2013/02/18 12:0 a.m.67 views

PHP-Fusion CMS 7.02.05 SQL Injection

SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...

0.2AI score
Exploits0
symantec
symantec
added 2009/12/08 12:0 a.m.12 views

Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability

Description Microsoft Windows Active Directory Federation Services ADFS is prone to an authentication-spoofing vulnerability affecting single sign-on SSO websites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers...

0.2AI score
Exploits0Affected Software1
cve
cve
added 2007/11/05 5:0 p.m.55 views

CVE-2007-5810

Hitachi Web Server versions 01-00 to 03-00-01 (as used by Cosminexus) do not properly validate SSL client certificates, allowing remote attackers to spoof authentication with a forged certificate. The vulnerability is mitigated if SSL client authentication is disabled; no explicit patch/version i...

5CVSS6.8AI score0.00781EPSS
Exploits0References5Affected Software14
Rows per page
Query Builder