
593 matches found

Positive Technologies
added 2025/02/12 12:0 a.m. · 4 views

PT-2025-6519 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.1 through 17.6.4; GitLab CE/EE versions 17.7 through 17.7.3; GitLab CE/EE versions 17.8 through 17.8.1. Description: A denial of service vulnerability exists in GitLab CE/EE. An attacker can impact the availability of...

CVSS 8.5 · AI score 6.7 · EPSS 0.00473
Exploits 1 · References 14

CNNVD
added 2025/02/06 12:0 a.m. · 3 views

2N OS security vulnerability

2N OS is an operating system for access control systems from 2N. A security vulnerability exists in 2N OS that stems from an unfiltered authentication token when logging is enabled. An attacker could exploit the vulnerability to obtain a valid token...

CVSS 4.3 · AI score 6.8 · EPSS 0.00332
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 8:59 p.m. · 8 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

CVSS 7.2 · AI score 6.7 · EPSS 0.00473
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:46 a.m. · 11 views

CVE-2024-21638

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assign...

CVSS 9.8 · AI score 6.8 · EPSS 0.01657
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 7:40 a.m. · 13 views

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attack...

CVSS 8.8 · AI score 7 · EPSS 0.01143
Exploits 2 · References 1

Vulnrichment
added 2025/01/23 4:36 p.m. · 8 views

CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...

CVSS 9.5 · AI score 7.7 · EPSS 0.00365
Exploits 1 · References 3

CVE
added 2025/01/23 4:36 p.m. · 52 views

CVE-2024-52329

CVE-2024-52329 affects ECOVACS HOME mobile app plugins for specific robots, where TLS certificate validation is not properly performed. The underlying issue allows an unauthenticated attacker to read or modify TLS traffic and to obtain authentication tokens. The entry provides CVSS data indicatin...

CVSS 9.5 · AI score 7.7 · EPSS 0.00365
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2025/01/23 12:0 a.m. · 7 views

ECOVACS HOME mobile app plugins trust management issue vulnerability

ECOVACS HOME mobile app plugins are mobile app plugins from ECOVACS, China. A security vulnerability exists in the ECOVACS HOME mobile app plugins that stems from the plugins not properly validating TLS certificates. An unauthenticated attacker could read or modify TLS traffic and...

CVSS 9.5 · AI score 6.8 · EPSS 0.00365
Exploits 1 · References 4

CNNVD
added 2025/01/10 12:0 a.m. · 3 views

Arista NG Firewall security vulnerability

Arista NG Firewall is a WEB firewall from Arista Corporation. A security vulnerability exists in Arista NG Firewall that originates from a user with administrator privileges being able to retrieve an authentication token...

CVSS 6.6 · AI score 6.8 · EPSS 0.00159
Exploits 0 · References 1

Cvelist
added 2025/01/09 6:43 a.m. · 20 views

CVE-2024-40762

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass...

EPSS 0.01003
Exploits 0 · References 1

Positive Technologies
added 2025/01/01 12:0 a.m. · 4 views

PT-2026-2881

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the SUNRPC component, specifically in the svcauth gss function related to handling zero-length gss token values during the gss read proxy verf...

CVSS 6.8 · AI score 5.5 · EPSS 0.0016
Exploits 0

Hacker One
added 2024/12/27 9:52 p.m. · 7 views

Mozilla: Netlify Authentication Token Exposed in Public Mozilla CI Logs

A critical vulnerability was discovered involving the exposure of a Netlify authentication token within publicly accessible logs. The token provided full access to the "Mozilla IT Web SRE" Netlify account, bypassing all restrictions. The token's permissions encompassed roles such as Owner,...

AI score 7.2
Exploits 0

Veracode
added 2024/12/23 3:8 p.m. · 11 views

Authentication Token Leakage

github.com/cli/go-gh is vulnerable to authentication token leakage. The vulnerability is due to improper handling of authentication tokens, where `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for non-GitHub hosts within a codespace...

CVSS 7.5 · AI score 6.8 · EPSS 0.00534
Exploits 0 · References 8 · Affected Software 1

Veracode
added 2024/12/23 12:22 p.m. · 15 views

Authentication Token Leakage

github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...

CVSS 6.5 · AI score 6.9 · EPSS 0.00281
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/12/12 3:46 p.m. · 12 views

GO-2024-3295 Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh

Violation of GitHub host security boundary when sourcing authentication token within a codespace in github.com/cli/go-gh...

CVSS 7.5 · AI score 6.4 · EPSS 0.00534
Exploits 0 · References 6

OSV
added 2024/11/27 9:25 p.m. · 10 views

CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace

go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...

CVSS 6.5 · AI score 6.4 · EPSS 0.00534
Exploits 0 · References 8

Arista
added 2024/10/29 12:0 a.m. · 60 views

Security Advisory 0105

Security Advisory 0105. Date: October 29, 2024. Revision 1.0 (October 29, 2024): Initial release. Description: Multiple vulnerabilities exist for the Arista Edge Threat Management - Arista NG Firewall (NGFW): 1. Description: A user with administrator privileges can...

CVSS 9.8 · AI score 7.5 · EPSS 0.01353
Exploits 3

NVD
added 2024/10/22 2:15 a.m. · 16 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

CVSS 7.8 · EPSS 0.00154
Exploits 0 · References 1

Vulnrichment
added 2024/10/22 1:19 a.m. · 14 views

CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this...

CVSS 5.5 · AI score 7.7 · EPSS 0.00154
Exploits 0 · References 1

CVE
added 2024/10/22 1:19 a.m. · 48 views

CVE-2024-9677

Affected: Zyxel USG FLEX H series devices running uOS firmware v1.21 and earlier. Vulnerable component: CLI commands where credentials are insufficiently protected, enabling an authenticated local attacker to escalate privileges by stealing a login administrator’s authentication token if the admi...

CVSS 7.8 · AI score 7.5 · EPSS 0.00154
Exploits 0 · References 1 · Affected Software 1