Lucene search
K

147 matches found

Cvelist
Cvelist
added 2021/07/01 4:45 p.m.32 views

CVE-2021-32729 A user without PR can reset user authentication failures information

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script right...

2CVSS5.7AI score0.00499EPSS
Exploits0References2
Veracode
Veracode
added 2020/04/10 12:59 a.m.34 views

Authentication Bypass

openldap is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP...

4.6CVSS1.6AI score0.02959EPSS
Exploits0References23Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.29 views

openSUSE Security Update : mailman (openSUSE-2019-495)

This update for mailman to version 2.1.27 fixes the following issues : This security issue was fixed : - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed : - The hash generated when...

5.4CVSS6.3AI score0.02048EPSS
Exploits0References2
OSV
OSV
added 2019/03/21 3:59 p.m.7 views

CVE-2017-2659

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts...

7.5CVSS7.2AI score0.01505EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/07/12 4:14 p.m.4 views

openssl: Carry propagating bug in Montgomery multiplication

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...

5.9CVSS7.3AI score0.14225EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2018/07/01 12:0 a.m.30 views

openSUSE: Security Advisory for mailman (openSUSE-SU-2018:1858-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.4CVSS6.4AI score0.02048EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/30 3:7 p.m.93 views

Security update for mailman (moderate)

This update for mailman to version 2.1.27 fixes the following issues: This security issue was fixed: - CVE-2018-0618: Additional protections against injecting scripts into listinfo and error messages pages bsc1099510. These non-security issues were fixed: - The hash generated when...

0.2AI score0.02048EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/05/24 12:0 a.m.388 views

Target Credential Issues by Authentication Protocol - No Issues Found

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...

5.8AI score
Exploits0
CNVD
CNVD
added 2018/01/30 12:0 a.m.7 views

Lenovo System x-Series and IBM System x-Series Denial of Service Vulnerabilities

Lenovo System x is a server from Lenovo in China.IBM System x is a server from IBM in the United States. A security vulnerability exists in the Lenovo System x series prior to version 4.4 and the IBM System x series prior to version 6.4. An attacker could exploit this vulnerability to cause a...

7.8CVSS6.7AI score0.01212EPSS
Exploits0References1
OSV
OSV
added 2018/01/26 7:29 p.m.6 views

CVE-2017-3768

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...

7.5CVSS5.8AI score0.01212EPSS
Exploits0References1
CVE
CVE
added 2018/01/26 7:0 p.m.57 views

CVE-2017-3768

CVE-2017-3768 affects IBM IMM2 (System x, Flex, BladeCenter) and Lenovo System x variants. A remote, unprivileged attacker with CIM connectivity can flood IMM2 with authentication failures, exhausting memory and causing the device to reboot. Affected versions are Lenovo System x (pre-4.4) and IBM...

7.8CVSS7.4AI score0.01212EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/01/26 7:0 p.m.25 views

CVE-2017-3768

An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x. Flooding the IMM2 with a high volume of authentication failures via the Common Information Model CIM used ...

7.5AI score0.01212EPSS
Exploits0References1
n0where
n0where
added 2017/07/03 4:25 p.m.20 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

0.1AI score
Exploits0References1
Citrix
Citrix
added 2017/05/12 12:0 a.m.7 views

Users get multiple OTP Push Notifications, Radius servers see multiple Auth requests & Auth Failures

Users will receive authentication denials, may receive multiple Push Notifications, Radius servers will log multiple simultaneous authentication requests for the same user with different Radius IDs, or user One Time Password tokens will become locked out. If you review traces, you will see multip...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/19 12:0 a.m.54 views

Ubuntu 14.04 LTS : OpenSSH regression (USN-2710-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2710-2 advisory. USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...

8.5CVSS6.5AI score0.09302EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.23 views

Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64

It was discovered that the Cyrus SASL library cyrus-sasl does not always reliably terminate output from the saslencode64 function used by programs using this library. The Cyrus IMAP server cyrus-imapd relied on this function's output being properly terminated. Under certain conditions, improperly...

7.5CVSS5AI score0.08206EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.23 views

CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS4.8AI score0.08206EPSS
Exploits0References2
OSV
OSV
added 2009/02/13 1:30 a.m.5 views

CVE-2009-0362

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...

6.4AI score
Exploits0References3
NVD
NVD
added 2009/02/13 1:30 a.m.25 views

CVE-2009-0362

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...

4CVSS6.4AI score0.01303EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2009/02/13 1:30 a.m.17 views

CVE-2009-0362

filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...

4CVSS5.9AI score0.01303EPSS
Exploits1References1
Rows per page
Query Builder