593 matches found

CNNVD · added 2023/12/06 12:00 a.m. · 4 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2, which stems from a vulnerability that allows a remotely blocked user to log in and obtain an authentication token by specifying a...

CVSS 9.8 · AI score 9.4 · EPSS 0.00985
Exploits 1 · References 3
Vulnrichment · added 2023/12/06 12:00 a.m. · 19 views

CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...

AI score 7.2 · EPSS 0.00985
Exploits 1 · References 2
Cvelist · added 2023/12/06 12:00 a.m. · 15 views

CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...

AI score 9.7 · EPSS 0.00985
Exploits 1 · References 2
Tenable Nessus · added 2023/11/07 12:00 a.m. · 42 views

RHEL 9 : grafana (RHSA-2023:6420)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6420 advisory. Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana:...

CVSS 8.1 · AI score 7.2 · EPSS 0.05623
Exploits 0 · References 24
Tenable Nessus · added 2023/11/07 12:00 a.m. · 19 views

Rocky Linux 9 : pcs (RLSA-2022:6313)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6313 advisory. - A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS...

CVSS 7.8 · AI score 7.4 · EPSS 0.00299
Exploits 0 · References 3
CNNVD · added 2023/11/03 12:00 a.m. · 3 views

ASUS RT-AX55 Security Breach

The ASUS RT-AX55 is a dual-band Wi-Fi router from Asus China. A security vulnerability exists in the ASUS RT-AX55, which originates from insufficient special-character filtering in the check-token module of authentication-related functions. The vulnerability can be exploited to cause command...

CVSS 8.8 · AI score 7 · EPSS 0.01288
Exploits 0 · References 2
Cvelist · added 2023/10/21 7:33 a.m. · 26 views

CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...

CVSS 5.3 · AI score 5.8 · EPSS 0.00513
Exploits 0 · References 4
BDU FSTEC · added 2023/09/29 12:00 a.m. · 6 views

Vulnerability in the SAML interface of the Cisco Catalyst SD-WAN Manager centralized network management system allows an attacker to gain access to the application.

The vulnerability in the Single Sign-On (SAML) interface of the Cisco Catalyst SD-WAN Manager centralized network management system stems from errors in the authentication procedure. Exploiting this vulnerability could allow a malicious actor to gain access to the...

CVSS 10 · AI score 8 · EPSS 0.01063
Exploits 0 · References 3 · Affected Software 1
OSV · added 2023/09/27 6:31 p.m. · 25 views

CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used ...

CVSS 8.2 · AI score 9.3 · EPSS 0.00675
Exploits 1 · References 4
Cvelist · added 2023/09/27 6:31 p.m. · 26 views

CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used ...

CVSS 8.2 · AI score 9.6 · EPSS 0.00675
Exploits 1 · References 2
CNNVD · added 2023/09/27 12:00 a.m. · 3 views

Cisco Catalyst SD-WAN Manager Authorization Vulnerability

Cisco vManage is a highly customizable control panel that simplifies and automates Cisco SD-WAN deployment, configuration, management and operations. An unauthorized access vulnerability exists in Cisco Catalyst SD-WAN Manager in versions 20.9.3.2 and 20.11.1.2. The vulnerability is due to failur...

CVSS 9.8 · AI score 6.7 · EPSS 0.01063
Exploits 0 · References 2
NVD · added 2023/08/16 3:15 p.m. · 25 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token...

CVSS 5.9 · AI score 5.8 · EPSS 0.00494
Exploits 0 · References 2
Positive Technologies · added 2023/08/16 12:00 a.m. · 3 views

PT-2023-27401 · Jenkins · Jenkins Tuleap Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Authentication Plugin versions 1.1.20 and earlier. Description: The issue concerns a non-constant-time comparison function used when validating an authentication token, allowing attackers to potentially use statistical methods t...

CVSS 5.9 · AI score 5.8 · EPSS 0.00494
Exploits 0 · References 10
IBM Security Bulletins · added 2023/08/04 6:17 p.m. · 77 views

Security Bulletin: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user (CVE-2023-38372)

Summary: Guidance on best practices to mitigate or avoid compromise in case an unauthorized attacker obtains an IBM Watson IoT Platform security authentication token (CVE-2023-38372). Vulnerability Details: CVEID: CVE-2023-38372. DESCRIPTION: IBM Watson IoT Platform contains a vulnerability that could...

CVSS 7.5 · AI score 5.9 · EPSS 0.00643
Exploits 0 · Affected Software 1
OSV · added 2023/06/27 3:15 p.m. · 3 views

CVE-2023-36000

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

CVSS 6.5 · AI score 5.8 · EPSS 0.0031
Exploits 0 · References 2
NVD · added 2023/06/27 3:15 p.m. · 18 views

CVE-2023-35998

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVSS 4.6 · AI score 4.7 · EPSS 0.00245
Exploits 0 · References 2
Prion · added 2023/06/27 3:15 p.m. · 20 views

Authorization

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVSS 4.1 · AI score 4.8 · EPSS 0.00245
Exploits 0 · References 2 · Affected Software 1
Prion · added 2023/06/27 3:15 p.m. · 17 views

Authorization

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

CVSS 3.3 · AI score 6.4 · EPSS 0.0031
Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2023/06/27 2:32 p.m. · 16 views

CVE-2023-36000 ITM Server Missing Authorization for Agent Config

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

CVSS 6.5 · AI score 6.6 · EPSS 0.0031
Exploits 0 · References 1
Vulnrichment · added 2023/06/27 2:30 p.m. · 11 views

CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVSS 4.6 · AI score 6.9 · EPSS 0.00245
Exploits 0 · References 1