102 matches found
The vulnerability of the API interface of the Threat Intelligence Exchange Server allows attackers to compromise the integrity of the protected information.
The vulnerability of the Threat Intelligence Exchange Server’s API interface is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information through specially crafted...
Vulnerabilities of Windows operating systems, related to authentication deficiencies, allow attackers to escalate their privileges.
The vulnerability of Windows operating systems is related to authentication deficiencies. Exploiting this vulnerability can allow attackers to escalate their privileges by running a specially crafted application...
Vulnerabilities of Windows operating systems, related to authentication deficiencies, allow attackers to escalate their privileges.
The vulnerability of Windows operating systems is related to authentication deficiencies. Exploiting this vulnerability can allow attackers to escalate their privileges by running a specially crafted application...
The vulnerability of the SAP Disclosure Management reporting tool is related to deficiencies in authentication procedures, which allow unauthorized users to escalate their privileges.
The vulnerability of the SAP Disclosure Management reporting tool is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to escalate their privileges through a specially crafted request...
The vulnerability of the command-line interface of the Cisco NX-OS network operating system in Cisco devices allows an attacker to elevate their privileges and execute arbitrary code.
The vulnerability of the command-line interface of the Cisco NX-OS network operating system stems from deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
The vulnerability of the Identity Services Engine, a platform for managing network policies, exposes the Cisco Prime Infrastructure monitoring and management system to attacks from insiders. This allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of the Identity Services Engine, a platform for managing network policies, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker operating remotely to carry out a “man-in-the-middle” attack...
The vulnerability of Canon’s printer firmware stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.
The vulnerability of Canon printer firmware is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...
The vulnerabilities of Siemens EN100 switching module software, SIPROTEC relay protection devices, and the DIGSI 4 device management and configuration software package are related to authentication errors, allowing attackers to obtain access passwords.
The vulnerabilities of Siemens EN100 switching module software, SIPROTEC relay protection devices, and the DIGSI 4 device management and configuration software package are related to deficiencies in the authentication process. Exploiting these vulnerabilities can allow attackers to obtain access...
The vulnerability of the firmware of the Digizo ShAirDisk PTW-WMS1 mobile disk drive is related to deficiencies in its authentication procedures, allowing an intruder to gain access to the device with root privileges.
The vulnerability of the firmware of the Digizo ShAirDisk PTW-WMS1 wireless mobile disk storage device is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device with root privileges...
CVE-2017-12251
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows a perpetrator to obtain confidential information.
The vulnerability of the Cisco Identity Services Engine’s gateway portal is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information through direct requests...
openSUSE Security Update : tomcat6 (openSUSE-SU-2012:1700-1)
fix bnc793394 - bypass of security constraints CVE-2012-3546 - apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - apache-tomcat-CVE-2012-4431.patch...
Moderate: Red Hat Security Advisory: jbossweb security update
An update for JBoss Enterprise Web Platform 5.2.0 which fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication. Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.0 to 7.0.11; Tomcat 6.0.0 to 6.0.32; Tomcat 5.5.0 to 5.5.33; Earlier,...
Design/Logic Flaw
Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...
CVE-2009-4182
HP Web Jetadmin 10.2 and later uses a remote SQL Server and is affected by multiple vulnerabilities that can allow remote unauthorized access to data and DoS. The root cause involves authentication and encryption weaknesses on the SQL server and insufficient network protections, per HP/SRT bullet...
CVE-2009-4182
Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...
CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...
EUVD-2001-0564
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DS...