Lucene search

102 matches found

BDU FSTEC
added 2020/01/20 12:0 a.m. | 3 views

The vulnerability of the API interface of the Threat Intelligence Exchange Server allows attackers to compromise the integrity of the protected information.

The vulnerability of the Threat Intelligence Exchange Server’s API interface is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information through specially crafted...

CVSS 4.5 | AI score 5.5 | EPSS 0.00747
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2019/10/24 12:0 a.m. | 5 views

Vulnerabilities of Windows operating systems, related to authentication deficiencies, allow attackers to escalate their privileges.

The vulnerability of Windows operating systems is related to authentication deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges by running a specially created application...

CVSS 7.8 | AI score 5.5 | EPSS 0.01014
Exploits: 0 | References: 2

BDU FSTEC
added 2019/10/24 12:0 a.m. | 2 views

Vulnerabilities of Windows operating systems, related to authentication deficiencies, allow attackers to escalate their privileges.

The vulnerability of Windows operating systems is related to authentication deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges by running a specially created application...

CVSS 7.8 | AI score 5.5 | EPSS 0.19205
Exploits: 25 | References: 4

BDU FSTEC
added 2019/05/07 12:0 a.m. | 3 views

The vulnerability of the SAP Disclosure Management tool in terms of reporting capabilities is related to deficiencies in authentication procedures, which allow unauthorized users to increase their privileges.

The vulnerability of the SAP Disclosure Management reporting tool is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially crafted request...

CVSS 8.7 | AI score 7.6 | EPSS 0.01428
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2019/03/22 12:0 a.m. | 4 views

The vulnerability of the command-line interface of the Cisco NX-OS network operating system in Cisco devices allows an attacker to elevate their privileges and execute arbitrary code.

The vulnerability of the command-line interface of the Cisco NX-OS network operating system devices stems from deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...

CVSS 7.8 | AI score 7.5 | EPSS 0.0031
Exploits: 0 | References: 3

BDU FSTEC
added 2019/03/13 12:0 a.m. | 4 views

The vulnerability of the Identity Services Engine, a platform for managing network policies, exposes the Cisco Prime Infrastructure monitoring and management system to attacks from insiders. This allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the Identity Services Engine, a platform for managing network policies, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker operating remotely to carry out a “man-in-the-middle” attack...

CVSS 7.4 | AI score 7.2 | EPSS 0.00846
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2018/07/27 12:0 a.m. | 7 views

The vulnerability of Canon printer firmware stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.

The vulnerability of Canon printer firmware is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...

CVSS 10 | AI score 5.5 | EPSS 0.04574
Exploits: 4 | References: 3

BDU FSTEC
added 2018/04/06 12:0 a.m. | 5 views

The vulnerabilities of Siemens EN100 switching module software, SIPROTEC relay protection devices, and the DIGSI 4 device management and configuration software package are related to authentication errors, allowing attackers to obtain access passwords.

The vulnerabilities of Siemens EN100 switching module software, SIPROTEC relay protection devices, and the DIGSI 4 device management and configuration software package are related to deficiencies in the authentication process. Exploiting these vulnerabilities can allow attackers to obtain access...

CVSS 5.3 | AI score 5.5 | EPSS 0.00582
Exploits: 0 | References: 4 | Affected Software: 10

BDU FSTEC
added 2018/02/01 12:0 a.m. | 6 views

The vulnerability of the firmware of the Digizo ShAirDisk PTW-WMS1 mobile disk drive is related to deficiencies in authentication procedures, allowing an intruder to gain access to the device with root privileges.

The vulnerability of the firmware of the Digizo ShAirDisk PTW-WMS1 wireless mobile disk storage device is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to the device with root privileges...

CVSS 10 | AI score 5.5 | EPSS 0.02553
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/10/19 8:29 a.m. | 1 view

CVE-2017-12251

A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation o...

CVSS 9.9 | AI score 5.8
Exploits: 0 | References: 3

BDU FSTEC
added 2016/03/11 12:0 a.m. | 7 views

The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, allows a perpetrator to obtain confidential information.

The vulnerability of the Cisco Identity Services Engine’s gateway portal is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information through direct requests...

CVSS 5 | AI score 5.5 | EPSS 0.01591
Exploits: 0 | References: 2

Tenable Nessus
added 2014/06/13 12:0 a.m. | 30 views

openSUSE Security Update : tomcat6 (openSUSE-SU-2012:1700-1)

fix bnc793394 - bypass of security constraints CVE-2012-3546 - apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - apache-tomcat-CVE-2012-4431.patch...

CVSS 5.8 | AI score 6.1 | EPSS 0.12098
Exploits: 6 | References: 22

RedHat Linux
added 2013/03/11 7:3 p.m. | 6 views

Moderate: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Web Platform 5.2.0 which fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS 5 | AI score 6.1 | EPSS 0.12098
Exploits: 2 | References: 3

RedHat Linux
added 2012/05/21 4:28 p.m. | 4 views

tomcat: Multiple weaknesses in HTTP DIGEST authentication

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

CVSS 5 | AI score 6.1 | EPSS 0.0854
Exploits: 0 | References: 4

securityvulns
added 2011/09/26 12:0 a.m. | 78 views

[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication

CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication. Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Tomcat 7.0.0 to 7.0.11; Tomcat 6.0.0 to 6.0.32; Tomcat 5.5.0 to 5.5.33; Earlier,...

CVSS 5 | AI score 0.3 | EPSS 0.0854
Exploits: 0

Prion
added 2010/01/14 6:30 p.m. | 14 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...

CVSS 9 | AI score 8.5 | EPSS 0.01775
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2010/01/14 6:0 p.m. | 49 views

CVE-2009-4182

HP Web Jetadmin 10.2 and later uses a remote SQL Server and is affected by multiple vulnerabilities that can allow remote unauthorized access to data and DoS. The root cause involves authentication and encryption weaknesses on the SQL server and insufficient network protections, per HP/SRT bullet...

CVSS 9 | AI score 8 | EPSS 0.01775
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2010/01/14 6:0 p.m. | 21 views

CVE-2009-4182

Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a remote SQL server is used, allow remote attackers to obtain access to data or cause a denial of service, possibly by leveraging authentication and encryption weaknesses on the SQL server...

AI score 7.8 | EPSS 0.01775
Exploits: 0 | References: 2

Cvelist
added 2005/02/15 5:0 a.m. | 19 views

CVE-2005-0432

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...

AI score 6.9 | EPSS 0.01987
Exploits: 0 | References: 2

EUVD
added 2001/07/27 4:0 a.m. | 6 views

EUVD-2001-0564

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DS...

CVSS 7.5 | AI score 6.3 | EPSS 0.07032
Exploits: 1 | References: 6