Lucene search
K

743 matches found

RedhatCVE
RedhatCVE
added 2021/02/10 9:41 p.m.26 views

CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS5.7AI score0.01313EPSS
Exploits0References3
OSV
OSV
added 2021/02/10 7:15 p.m.24 views

CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2021/02/10 7:15 p.m.14 views

CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS0.01313EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/02/10 7:15 p.m.27 views

CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS6.6AI score0.01313EPSS
Exploits0References2
Prion
Prion
added 2021/02/10 7:15 p.m.21 views

Information disclosure

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4CVSS5.3AI score0.01313EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/02/10 7:15 p.m.3 views

UBUNTU-CVE-2020-7021

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emitrequestbody option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch...

4.9CVSS6.7AI score0.01313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/02/10 12:0 a.m.4 views

PT-2021-12634 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.10.0 Elasticsearch versions prior to 6.8.14 Description: The issue is related to an information disclosure problem when audit logging and the emit request body option are enabled. This could lead to the...

4.9CVSS5.3AI score0.01313EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.11 views

The vulnerability of the components of the Cisco Email Security Appliance, a system for email security management, and the Cisco Content Security Management Appliance, a system for content security management, as well as the Cisco Web Security Appliance, an internet gateway, allows attackers to gain unauthorized access to protected information.

The vulnerability of the components of the Cisco Email Security Appliance, the Cisco Content Security Management Appliance, and the Cisco Web Security Appliance involves a lack of authentication token requirements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

5.3CVSS5.9AI score0.01142EPSS
Exploits0References2Affected Software3
Debian CVE
Debian CVE
added 2021/01/11 8:35 p.m.24 views

CVE-2021-21241

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...

7.4CVSS7.5AI score0.00917EPSS
Exploits0
CNVD
CNVD
added 2020/12/11 12:0 a.m.3 views

Microsoft Teams Cross-Site Scripting Vulnerability

Microsoft Teams is an American Microsoft Microsoft software for online meetings, chat, and cloud storage capabilities. A cross-site scripting vulnerability exists in Microsoft Teams online service, which stems from a stored cross-site scripting vulnerability contained in the displayName parameter...

5.7CVSS6.5AI score0.01893EPSS
Exploits1References1
OSV
OSV
added 2020/12/09 1:15 a.m.3 views

CVE-2020-10146

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

5.4CVSS6.2AI score0.01893EPSS
Exploits1References1
NVD
NVD
added 2020/12/09 1:15 a.m.15 views

CVE-2020-10146

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

5.7CVSS5.9AI score0.01893EPSS
Exploits1References1
Prion
Prion
added 2020/12/09 1:15 a.m.15 views

Cross site scripting

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

3.5CVSS5.7AI score0.01893EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/09 12:30 a.m.26 views

CVE-2020-10146 Microsoft Teams displayName stored cross-site scripting vulnerability

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for al...

5.7CVSS5.9AI score0.01893EPSS
Exploits1References1
OSV
OSV
added 2020/11/18 7:15 p.m.4 views

CVE-2020-3419

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacke...

9.1CVSS7.4AI score0.01744EPSS
Exploits0References1
CVE
CVE
added 2020/11/18 5:41 p.m.74 views

CVE-2020-3419

CVE-2020-3419 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The root cause is improper handling of authentication tokens, allowing an unauthenticated, remote attacker to join a Webex meeting without appearing on the participant list. Exploitation requires access to join links and ...

9.1CVSS7.2AI score0.01744EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/18 5:41 p.m.26 views

CVE-2020-3419 Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacke...

6.5CVSS9.3AI score0.01744EPSS
Exploits0References1
Cisco
Cisco
added 2020/11/18 4:0 p.m.101 views

Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacke...

6.5CVSS0.6AI score0.01744EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/02 3:54 p.m.23 views

Improper Authorization in loopback

Vulnerable versions of loopback may allow attackers to create Authentication Tokens on behalf of other users due to Improper Authorization. If the AccessToken model is publicly exposed, an attacker can create Authorization Tokens for any user as long as they know the target's userId. This will...

5.5AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 8:45 p.m.29 views

Malicious Package in eslint-config-eslint

Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server. Recommendation The best course of action if you found this package installed i...

7.1AI score
Exploits0References2Affected Software1
Rows per page
Query Builder