Lucene search
K

121 matches found

OSV
OSV
added 2022/05/24 5:13 p.m.2 views

GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS6.8AI score0.016EPSS
Exploits0References5
CNVD
CNVD
added 2021/11/21 12:0 a.m.19 views

WordPress Simple JWT Login plugin Access Control Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in the WordPress Simple JWT Login plugin in versions prior to...

8.8CVSS8.7AI score0.00612EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2021/09/15 12:0 a.m.4 views

The vulnerability of the authentication system for web applications, LemonLDAP::NG, related to an error in processing authentication keys, allows attackers to perform spear-phishing attacks.

The vulnerability of the authentication system for web applications related to the error in processing authentication keys controlled by users. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...

7.7CVSS7.5AI score0.01679EPSS
Exploits1References7Affected Software2
NVD
NVD
added 2021/04/28 7:15 a.m.20 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS0.01215EPSS
Exploits0References3
OSV
OSV
added 2021/04/28 7:15 a.m.1 views

DEBIAN-CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS5.6AI score0.01215EPSS
Exploits0References1
Prion
Prion
added 2021/04/28 7:15 a.m.15 views

Design/Logic Flaw

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5CVSS5.6AI score0.01215EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2021/04/28 7:15 a.m.1 views

UBUNTU-CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS5.8AI score0.01215EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/04/28 6:16 a.m.28 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

5.3CVSS5.2AI score0.01215EPSS
Exploits0
CVE
CVE
added 2021/04/28 6:16 a.m.70 views

CVE-2021-31866

CVE-2021-31866 affects Redmine before 4.0.9 and 4.1.x before 4.1.3. An attacker can learn internal authentication keys by observing timing differences in string comparisons in SysController and MailHandlerController, causing information disclosure. Affected product is Redmine (web-based project m...

5.3CVSS5.5AI score0.01215EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/26 12:0 a.m.6 views

PT-2021-4587 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions 4.0.0 through 4.0.8 Redmine versions 4.1.0 through 4.1.2 Description: The issue is related to a timing difference in string comparison operations within SysController and MailHandlerController, allowing an attacker to learn...

9.8CVSS6.1AI score0.01737EPSS
Exploits0References42
Fedora
Fedora
added 2020/07/19 1:11 a.m.28 views

[SECURITY] Fedora 32 Update: apt-2.1.7-1.fc32

This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...

5.5CVSS2.4AI score0.01305EPSS
Exploits1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/04/27 9:48 a.m.39 views

GDPR.EU has er… a data leakage issue

GDPR.EU is an advice site ‘operated by Proton Technologies AG, co-funded by … the EU Horizon Framework’. It’s full of useful advice for organisations that need to comply with GDPR. Whilst it isn’t an official EU Commission site, it is partly funded by the EU. You may also be familiar with Proton...

6.7AI score
Exploits0
0day.today
0day.today
added 2020/04/15 12:0 a.m.83 views

Cellebrite UFED 7.29 Hardcoded ADB Authentication Keys Vulnerability

Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction. Title: Cellebrite Hardcoded ADB Authentication Keys Publicatio...

5.5CVSS0.5AI score0.00447EPSS
Exploits3
NVD
NVD
added 2020/02/05 4:15 p.m.31 views

CVE-2019-16204

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...

7.5CVSS7.7AI score0.01476EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/05 3:16 p.m.33 views

CVE-2019-16204

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server...

7.7AI score0.01476EPSS
Exploits0References2
CVE
CVE
added 2020/02/05 3:16 p.m.71 views

CVE-2019-16204

The CVE-2019-16204 issue affects Brocade Fabric OS prior to versions 7.4.2f, 8.2.2a, 8.1.2j, and 8.2.1d. The vulnerability allows exposure of external passwords, common secrets, or authentication keys used between the switch and an external server. Root cause: information disclosure via insecure ...

7.5CVSS7.7AI score0.01476EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/03/22 12:0 a.m.5 views

The vulnerability of the package for configuring the cloud-init process in Linux operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the cloud-init configuration package for Linux operating systems is related to an error in the handling of authentication keys controlled by the user. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...

6.4CVSS5.9AI score0.01403EPSS
Exploits0References2
GoogleProjectZero
GoogleProjectZero
added 2019/02/01 12:0 a.m.30 views

Examining Pointer Authentication on the iPhone XS

Posted by Brandon Azad, Project Zero In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ARM standard. I then demonstrate a way to use an arbitrary kernel read/write primitive to forge kernel...

7.3AI score
Exploits0
CNVD
CNVD
added 2018/07/03 12:0 a.m.3 views

Unspecified Vulnerability in ECOS Secure Boot Stick (CNVD-2019-38284)

The ECOS Secure Boot Stick a.k.a. SBS is a security device from ECOS TECHNOLOGY, Germany for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit the vulnerability to take contro...

7.5CVSS7.7AI score0.00566EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/03 12:0 a.m.3 views

Unspecified Vulnerability in ECOS System Management Appliance

ECOS System Management Appliance a.k.a. SMA is a virtual appliance from ECOS TECHNOLOGY, Germany, for centralized management of ECOS products, which is capable of running on VMware, Crtrix XenServer, and Hyper-V. A security vulnerability exists in ECOS SMA version 5.2.68 that stems from a failure...

7.3CVSS7.6AI score0.00431EPSS
Exploits0References1
Rows per page
Query Builder