Lucene search
K

74 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.9 views

CVE-2021-41275

spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...

9.3CVSS6.7AI score0.0052EPSS
Exploits0
OSV
OSV
added 2025/05/21 5:15 p.m.2 views

CVE-2025-20152

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker...

8.6CVSS5.8AI score0.00667EPSS
Exploits0References1
OSV
OSV
added 2025/01/27 9:15 a.m.1 views

UBUNTU-CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS5.9AI score0.01136EPSS
Exploits0References6
OSV
OSV
added 2024/09/15 11:15 p.m.3 views

CVE-2024-46943

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting AAA through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information...

7.5CVSS5.8AI score0.00556EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/09/13 12:0 a.m.22 views

CVE-2024-39924

An issue was discovered in Vaultwarden formerly BitwardenRS 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate...

8.8CVSS7AI score0.13064EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/08/06 12:0 a.m.11 views

Fedora: Security Advisory (FEDORA-2024-1d1b485611)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.9AI score0.02053EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.24 views

RHEL 9 : ipa (RHSA-2024:3757)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...

8.8CVSS7.9AI score0.02053EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/05/22 11:47 a.m.60 views

Moderate: Red Hat Security Advisory: idm:DL1 and idm:client security update

An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.8CVSS6.5AI score0.0098EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/05/20 8:38 a.m.18 views

CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary

In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...

9.1CVSS7AI score0.0047EPSS
Exploits1References2
NVD
NVD
added 2024/04/11 1:22 a.m.11 views

CVE-2023-51141

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component...

6.5CVSS6.2AI score0.00845EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.6 views

PT-2024-5329 · Apache · Rocketmq

Name of the Vulnerable Software and Affected Versions: RocketMQ versions 5.2.0 and below Description: The issue is related to insufficient protection of service data in the RocketMQ messaging platform. This could allow a remote attacker to gain unauthorized access to protected information. Under...

8.8CVSS7.7AI score0.0089EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2023/11/08 3:26 p.m.10 views

CVE-2023-45140 Group-based JIT MFA bypass on scp and sftp in The Bastion

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don't honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnorm...

4.8CVSS6.8AI score0.00387EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.33 views

Ubuntu 16.04 ESM : Apache ZooKeeper vulnerabilities (USN-4789-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4789-1 advisory. It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or oth...

8.1CVSS7.7AI score0.73654EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2023/10/17 12:0 a.m.9 views

VulnCheck KEV: CVE-2023-4966

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

9.4CVSS7.4AI score0.99999EPSS
Exploits15References1
BDU FSTEC
BDU FSTEC
added 2023/10/09 12:0 a.m.6 views

The vulnerability of the Authentication, Authorization, and Accounting (AAA) function, as well as the SCP function of Cisco IOS and Cisco IOS XE operating systems, allows attackers to circumvent security restrictions and obtain or modify the configuration of vulnerable devices.

The vulnerability of the Authentication, Authorization, and Accounting AAA function and the SCP function of Cisco IOS and Cisco IOS XE operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and obta...

8CVSS7.7AI score0.00586EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.6 views

The vulnerability of the software for exchanging information and events between components of the IBM Security Verify Information Queue authentication and authorization system, related to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.

The vulnerability of the information and event exchange software between the components of the IBM Security Verify Information Queue authentication and authorization system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor,...

5.3CVSS5.9AI score0.00524EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/28 10:15 p.m.13 views

CVE-2023-29056

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined...

5.9CVSS5.4AI score0.00445EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/02/28 11:26 a.m.2 views

Application Security vs. API Security: What is the difference?

As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs Application Programming Interfaces. With that said, application security and API security are two critical components of a...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.6 views

The vulnerability of Cisco IOS XE’s operating system in authentication, authorization, and accounting services allows a perpetrator to execute arbitrary code or cause a service failure.

The vulnerability of Cisco IOS XE’s authentication, authorization, and accounting AAA services arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures...

10CVSS8.4AI score0.08074EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/27 12:0 a.m.4 views

PT-2022-27691 · Unknown · Opendaylight

Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteRole function in RoleStore.java is affected when using the API interface /auth/v1/roles/. Recommendations:...

7.5CVSS7.3AI score0.00599EPSS
Exploits1References5
Rows per page
Query Builder