Lucene search
K

134 matches found

ATTACKERKB
ATTACKERKB
added 2022/07/08 12:15 a.m.6 views

CVE-2022-1245

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...

9.8CVSS7.7AI score0.01299EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.5 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to improper authentication, allows a perpetrator to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the improper handling of OAuth client identifiers. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause servic...

9CVSS7.7AI score0.00865EPSS
Exploits0References5Affected Software1
Circl
Circl
added 2021/09/27 4:34 p.m.6 views

CVE-2021-3822

creationtimestamp| type| source ---|---|--- 2021-09-27 16:34:55+00:00| seen| https://t.me/cibsecurity/29456...

7.5CVSS5.8AI score0.01372EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/12/08 8:55 a.m.5 views

activemq: remote XSS in web console diagram plugin

A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info...

6.1CVSS5.8AI score0.04312EPSS
Exploits0References4
Circl
Circl
added 2020/09/01 12:55 p.m.4 views

CVE-2020-12776

creationtimestamp| type| source ---|---|--- 2020-09-01 12:55:34+00:00| seen| https://t.me/cibsecurity/14400...

9CVSS7AI score0.00833EPSS
Exploits0References1
OSV
OSV
added 2020/08/26 4:15 p.m.5 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.4CVSS6.1AI score0.00532EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.2 views

cxf: OpenId Connect token service does not properly validate the clientId

A flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not properly validate that an authenticated principal is equal to that of the supplied clientId parameter allowing a malicious client to use an authorization code that has been issued to a different client...

9.8CVSS7.3AI score0.13836EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/02/11 7:15 p.m.7 views

CVE-2013-5582

Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AAv3.2.exe file...

7.8CVSS5.6AI score0.03636EPSS
Exploits5References2
CNVD
CNVD
added 2019/09/11 12:0 a.m.1 views

Denial of Service Vulnerability in Baidu's Skyworks Intelligence Platform

Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. There is a denial-of-service vulnerability in the Baidu Skyworks Intelligent...

6.9AI score
Exploits0
CNVD
CNVD
added 2019/09/11 12:0 a.m.1 views

Unauthorized access vulnerability in Baidu's Tiangong Intelligence Platform ( CNVD-2019-34660)

Baidu Tiangong Intelligence Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. An unauthorized access vulnerability exists in the Baidu Tiangong Intelligent...

6.9AI score
Exploits0
OSV
OSV
added 2019/08/28 8:15 p.m.4 views

DEBIAN-CVE-2019-10052

An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parseclientidoption in the dhcp/parser.rs file...

7.5CVSS7.2AI score0.02124EPSS
Exploits1References1
Veracode
Veracode
added 2019/01/15 8:55 a.m.26 views

Denial Of Service (DoS)

dhcp is vulnerable to denial of service DoS attacks. The vulnerability exists as ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...

6.1CVSS5.7AI score0.12985EPSS
Exploits1References16Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/06/14 12:0 a.m.7 views

The vulnerability of the ISC DHCP server, related to insufficient validation of input data, allows a attacker to trigger a service failure.

The vulnerability of the ISC DHCP server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted request that includes a zero-length client identifier...

5CVSS5.5AI score0.76412EPSS
Exploits7References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2017/03/24 12:0 a.m.91 views

RHEL 7 : Red Hat Gluster Storage 3.2.0 (RHSA-2017:0486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0486 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies dat...

7.8CVSS6.4AI score0.00457EPSS
Exploits0References331
Tenable Nessus
Tenable Nessus
added 2017/03/24 12:0 a.m.54 views

RHEL 6 : Red Hat Gluster Storage 3.2.0 (RHSA-2017:0484)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0484 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies dat...

7.8CVSS6.4AI score0.00457EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2017/03/23 5:18 a.m.82 views

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update

An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.5AI score0.00457EPSS
Exploits0References328
RedHat Linux
RedHat Linux
added 2017/03/23 5:6 a.m.45 views

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update

An update is now available for Red Hat Gluster Storage 3.2 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.5AI score0.00457EPSS
Exploits0References12
CNVD
CNVD
added 2015/04/02 12:0 a.m.3 views

SAP EMR Unwired and Clinical Task Tracker Access Restriction Bypass Vulnerabilities

SAP EMR Unwired is a mobile app that enables physicians and nurses to instantly access patient data when they need it.SAP Clinical Task Tracker is an easy and secure way to access clinical tasks assigned to your patients anytime, anywhere. SAP EMR Unwired and Clinical Task Tracker fail to properl...

6.4CVSS6.8AI score0.01209EPSS
Exploits0References1
NVD
NVD
added 2012/07/25 10:42 a.m.13 views

CVE-2012-3571

ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a malformed client identifier...

6.1CVSS6.2AI score0.12985EPSS
Exploits1References13
NVD
NVD
added 2012/07/25 10:42 a.m.19 views

CVE-2012-3570

Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service segmentation fault and daemon exit via a crafted client identifier parameter...

5.7CVSS6.6AI score0.02572EPSS
Exploits0References5
Rows per page
Query Builder