33 matches found

NVD
added 2019/11/15 4:15 a.m. · 12 views

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVSS 9.8 · AI score 9.8 · EPSS 0.02392
Exploits: 0 · References: 5

OSV
added 2019/11/15 4:15 a.m. · 2 views

DEBIAN-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVSS 9.8 · AI score 8.2 · EPSS 0.02392
Exploits: 0 · References: 1

UbuntuCve
added 2019/11/15 4:15 a.m. · 20 views

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVSS 9.8 · AI score 7.1 · EPSS 0.02392
Exploits: 0 · References: 4

OSV
added 2019/11/15 4:15 a.m. · 1 view

UBUNTU-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVSS 9.8 · AI score 7.1 · EPSS 0.02392
Exploits: 0 · References: 5

Debian CVE
added 2019/11/15 3:45 a.m. · 31 views

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

CVSS 9.8 · AI score 8.9 · EPSS 0.02392
Exploits: 0

Positive Technologies
added 2019/11/15 12:0 a.m. · 1 view

PT-2019-15720 · Cyrus +5 · Cyrus Imap +5

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 2.5.x through 2.5.13 Cyrus IMAP versions 3.x through 3.0.11 Description: The issue allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that...

CVSS 9.8 · AI score 7.1 · EPSS 0.07622
Exploits: 0 · References: 39

Prion
added 2017/09/01 1:29 p.m. · 17 views

Authentication flaw

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

CVSS 5 · AI score 7.5 · EPSS 0.02346
Exploits: 0 · References: 3 · Affected Software: 2

UbuntuCve
added 2017/09/01 1:29 p.m. · 31 views

CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

CVSS 7.5 · AI score 7.1 · EPSS 0.02346
Exploits: 0 · References: 2

OSV
added 2017/09/01 1:29 p.m. · 41 views

CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

CVSS 7.5 · AI score 7
Exploits: 0 · References: 3

OSV
added 2017/09/01 1:29 p.m. · 1 view

UBUNTU-CVE-2017-12869

The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input...

CVSS 7.5 · AI score 7.2 · EPSS 0.02346
Exploits: 0 · References: 3

RedHat Linux
added 2017/05/10 12:43 p.m. · 2 views

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

CVSS 4.2 · AI score 7.4 · EPSS 0.02211
Exploits: 0 · References: 5

RedHat Linux
added 2017/05/09 10:46 a.m. · 3 views

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

CVSS 4.2 · AI score 7.4 · EPSS 0.02211
Exploits: 0 · References: 5

Saint
added 2007/12/03 12:0 a.m. · 34 views

MIT Kerberos 5 RPC library RPCSEC_GSS buffer overflow

Added: 12/03/2007 CVE: CVE-2007-3999 BID: 25534 OSVDB: 37324 Background Kerberos is a network authentication protocol which provides strong authentication for client/server applications. MIT Kerberos 5 is a free implementation of this protocol. Problem A buffer overflow in the svcauthgssvalidate...

CVSS 10 · AI score 9.5 · EPSS 0.10997
Exploits: 4