Lucene search
K

102 matches found

Cvelist
Cvelist
added 2020/12/09 4:28 p.m.34 views

CVE-2020-26816

SAP AS JAVA Key Storage Service, versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access ...

5.4CVSS5.3AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2020/12/09 4:28 p.m.60 views

CVE-2020-26816

The CVE-2020-26816 issue affects SAP NetWeaver AS Java Key Storage Service. Key material is stored in DER-encoded format in the database and is not encrypted, enabling an administrator to decode the keys and potentially access application data and client credentials of adjacent systems, impacting...

5.4CVSS5.2AI score0.00167EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/29 4:26 p.m.25 views

GHSA-5JPF-PJ32-XX53 Authorization header is not sanitized in an error object in auth0

Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...

7.7CVSS7.5AI score0.01539EPSS
Exploits0References5
NVD
NVD
added 2020/06/29 2:15 p.m.28 views

CVE-2019-18248

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

4.3CVSS0.00351EPSS
Exploits0References1
Prion
Prion
added 2020/06/29 2:15 p.m.19 views

Design/Logic Flaw

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

3.3CVSS4.7AI score0.00351EPSS
Exploits0References1Affected Software2
ThreatPost
ThreatPost
added 2020/03/20 8:28 p.m.85 views

Revamped HawkEye Keylogger Swoops in on Coronavirus Fears

There’s a new variant of the HawkEye keylogging malware making the rounds, featuring expanded info-stealing capabilities. Its operators are looking to capture the zeitgeist around the novel coronavirus. It’s being distributed using spam that purports to be an “alert” from the Director-General of...

7.5AI score
Exploits0References9
NVD
NVD
added 2019/08/05 5:15 p.m.17 views

CVE-2019-3800

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8CVSS6.3AI score0.02088EPSS
Exploits0References2
OSV
OSV
added 2019/08/05 5:15 p.m.28 views

CVE-2019-3800

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

7.8CVSS6.5AI score0.02088EPSS
Exploits0References2
Prion
Prion
added 2019/08/05 5:15 p.m.25 views

Design/Logic Flaw

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

2.1CVSS7.4AI score0.02088EPSS
Exploits0References2Affected Software46
Cvelist
Cvelist
added 2019/08/05 4:38 p.m.30 views

CVE-2019-3800 CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

6.3CVSS7.5AI score0.02088EPSS
Exploits0References2
CVE
CVE
added 2019/08/05 4:38 p.m.88 views

CVE-2019-3800

CF CLI before v6.45.0 (bosh release 1.16.0) stores the client id and secret in the CLI config file upon authentication with --client-credentials. A local authenticated user with access to that config can impersonate the leaked client. Impact is high for confidentiality and integrity of the creden...

7.8CVSS6.5AI score0.02088EPSS
Exploits0References2Affected Software9
Cloud Foundry
Cloud Foundry
added 2019/07/18 12:0 a.m.137 views

CVE-2019-3800: CF CLI writes the client id and secret to config file | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions Severity is medium unless otherwise noted. CF CLI All versions prior to v6.45.0 CF CLI Release All versions prior to v1.16.0 CF Networking Release All versions Prior to v2.23.0 CF Routing Release All...

7.8CVSS6.6AI score0.02088EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/02/15 12:0 a.m.16 views

CentOS Update for elinks CESA-2013:0250 centos6

Check for the Version of elinks OpenVAS Vulnerability Test CentOS Update for elinks CESA-2013:0250 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

5.1CVSS6.4AI score0.0191EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/02/15 12:0 a.m.19 views

CentOS Update for elinks CESA-2013:0250 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1CVSS5.9AI score0.0191EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/02/15 12:0 a.m.16 views

CentOS Update for elinks CESA-2013:0250 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1CVSS5.9AI score0.0191EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/02/12 12:0 a.m.22 views

RHEL 5 / 6 : elinks (RHSA-2013:0250)

An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

5.1CVSS5.8AI score0.0191EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/02/12 12:0 a.m.21 views

Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)

It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. CVE-2012-4545 %NASLMINLEVEL...

5.1CVSS5.8AI score0.0191EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/02/12 12:0 a.m.26 views

CentOS 5 / 6 : elinks (CESA-2013:0250)

An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

5.1CVSS5.8AI score0.0191EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/02/11 6:6 p.m.4 views

elinks: Improper delegation of client credentials during GSS negotiation

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

5.1CVSS6.3AI score0.0191EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2012/02/09 4:47 p.m.7 views

After Damaging Reports, Electronics Manufacturing Giant Foxconn Is Hacked

Members of an online hacking group that calls itself SwaggSec say they hacked systems belonging to Chinese electronics manufacturing giant Foxconn and made off with login credentials belonging to some of the company’s biggest clients. Foxconn has declined to comment. The incident comes in the wak...

0.5AI score
Exploits0References4
Rows per page
Query Builder