Lucene search
K

101 matches found

BDU FSTEC
BDU FSTEC
added 2022/06/21 12:0 a.m.8 views

The vulnerabilities of Schneider Electric’s automation controllers with microprogrammed software, such as C-Bus (LSS5500NAC), Wiser for C-Bus (LSS5500SHAC), Clipsal C-Bus (5500NAC), Clipsal Wiser for C-Bus (5500SHAC), and SpaceLogic C-Bus (5500NAC2), SpaceLogic C-Bus (5500AC2), are related to errors during authentication procedures. These vulnerabilities allow attackers to gain full access to the devices.

The vulnerabilities of Schneider Electric’s automation controllers—C-Bus LSS5500NAC, Wiser for C-Bus LSS5500SHAC, Clipsal C-Bus 5500NAC, Clipsal Wiser for C-Bus 5500SHAC, and SpaceLogic C-Bus 5500NAC2, 5500AC2—are related to authentication process errors. Exploiting these vulnerabilities can allo...

10CVSS7.8AI score0.00781EPSS
Exploits0References2Affected Software5
Fortinet
Fortinet
added 2021/12/07 12:0 a.m.18 views

FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd

Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization CWE-362 and one of authentication bypass by capture-replay CWE-294, may allow a remote unauthenticated attacker to...

2.8AI score
Exploits0Affected Software2
The Hacker News
The Hacker News
added 2021/07/01 6:5 a.m.43 views

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses CV...

0.2AI score
Exploits0
VMware
VMware
added 2021/05/23 12:0 a.m.105 views

VMSA-2021-0010:VMware vCenter Server updates address remote code execution and authentication vulnerabilities

Advisory ID: VMSA-2021-0010 CVSSv3 Range: 6.5-9.8 Issue Date:2021-05-25 Updated On: 2021-05-25 Initial Advisory CVEs: CVE-2021-21985, CVE-2021-21986 Synopsis: VMware vCenter Server updates address remote code execution and authentication vulnerabilities CVE-2021-21985, CVE-2021-21986 RSS Feed...

10CVSS10AI score0.99999EPSS
Exploits13References53Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/09/22 12:0 a.m.4 views

The vulnerabilities of Trend Micro Vulnerability Protection and Trend Micro Deep Security Manager, related to authentication deficiencies, allow attackers to enhance their privileges.

The vulnerabilities of Trend Micro Vulnerability Protection and Trend Micro Deep Security Manager are related to authentication deficiencies. Exploiting these vulnerabilities can allow attackers, operating remotely, to increase their privileges...

8.1CVSS7.5AI score0.02757EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2020/02/25 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for dovecot (EulerOS-SA-2020-1146)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02525EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/10/04 12:0 a.m.37 views

Apple iOS < 13.0 Multiple Vulnerabilities

Binary data appleios130check.nbin...

9.8CVSS7.4AI score0.17444EPSS
Exploits2References10
OSV
OSV
added 2019/09/12 7:9 p.m.10 views

MGASA-2019-0266 Updated squid packages fix security vulnerabilities

Updated squid packages fix security vulnerabilities: It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service CVE-2019-12525. It was discovered that Squid incorrectly handled...

9.8CVSS8.7AI score0.74477EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2019/08/08 2:33 p.m.70 views

Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'

LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID. But there is a catch. Doing so requires the victim to be out cold. Researchers on...

0.1AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.32 views

Joomla! 3.1.x < 3.8.0 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0...

9.8CVSS7.5AI score0.06333EPSS
Exploits3References4
Krebs on Security
Krebs on Security
added 2018/08/16 5:1 p.m.55 views

Hanging Up on Mobile in the Name of Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like the...

7.1AI score
Exploits0
ICS
ICS
added 2016/08/12 6:0 a.m.40 views

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...

7.5CVSS7.8AI score0.11199EPSS
Exploits8References10
Microsoft KB
Microsoft KB
added 2016/08/09 12:0 a.m.497 views

MS16-101: Security update for Windows authentication methods: August 9, 2016

Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.Important This article contains information that shows you how to help lower security settings or how to turn off security features on a...

7.8CVSS0.1AI score0.17181EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2016/04/13 12:0 a.m.66 views

RHEL 5 : samba (RHSA-2016:0621) (Badlock)

An update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS6.8AI score0.3693EPSS
Exploits0References10
ICS
ICS
added 2014/07/18 6:0 a.m.60 views

CareFusion Pyxis SupplyStation System Vulnerabilities

OVERVIEW Independent researcher Billy Rios identified authentication vulnerabilities in CareFusion’s Pyxis SupplyStation system. CareFusion has implemented additional controls to mitigate some of these vulnerabilities in the SupplyStation system. Some of the reported vulnerabilities could be...

9.7CVSS6.6AI score0.02088EPSS
Exploits0References10
ICS
ICS
added 2014/07/05 6:0 a.m.34 views

Accuenergy Acuvim II Authentication Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 2, 2014, and is being released to the ICS-CERT web site. Independent researcher Laisvis Lingvevicius has identified two authentication vulnerabilities within the Accuenergy AXM-NET Ethernet module’s web...

7.5CVSS7.3AI score0.01802EPSS
Exploits0References10
NVD
NVD
added 2014/07/02 8:55 p.m.12 views

CVE-2014-4614

Multiple cross-site request forgery CSRF vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the 1 pwg.groups.addUser, 2 pwg.groups.deleteUser, 3 pwg.groups.setInfo, 4 pwg.users.setInfo, 5 pwg.permissions.add, or 6...

6.8CVSS7.2AI score0.00657EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2014/01/09 10:58 a.m.9 views

Siemens Fixes Authentication Bugs in Scalance X-200 Switches

Researchers have discovered two serious vulnerabilities in industrial Ethernet switches manufactured by Siemens that could enable attackers to perform unauthorized actions on the switches without authentication. One of the bugs allows attackers to hijack Web sessions and the other enables them to...

1.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/11/01 5:23 p.m.10 views

Mobile Security Woes Go Beyond Malicious Apps

If, like most Americans, you’ve developed an attachment to your mobile phone that borders on the unnatural and have a hard time going 11 seconds without checking email or texts, you’d do well not to attend a talk by Zach Lanier and Mike Zusman anytime soon. The pair discussed a variety of...

8.1AI score
Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.15 views

CVE-2004-2210

Multiple cross-site scripting XSS vulnerabilities in Express-Web Content Management System CMS allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the 1 n, 2 b, 3 e, or 4 a parameters to default.asp, 5 the Referer header in an HTTP reque...

4.3CVSS6.2AI score0.01283EPSS
Exploits1References3
Rows per page
Query Builder