55 matches found

BDU FSTEC
added 2024/04/25 12:0 a.m. · 7 views

The vulnerability of the Open vSwitch (OvS) multi-level switch lies in insufficient data authentication, which allows attackers to redirect ICMPv6 traffic to arbitrary IP addresses.

The vulnerability of the Open vSwitch (OvS) multi-level switch lies in insufficient verification of data authenticity. Exploiting this vulnerability allows an attacker to redirect ICMPv6 traffic to arbitrary IP addresses...

CVSS 5.5 · AI score 6.6 · EPSS 0.00389
Exploits: 0 · References: 13 · Affected Software: 8
Redos
added 2024/04/10 12:0 a.m. · 36 views

ROS-20240410-20

A vulnerability in e-Tugra root certificates of SSL Certifi's SSL certificate validation package is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute a man-in-the-middle attack...

CVSS 9.8 · AI score 7.3 · EPSS 0.00472
Exploits: 0
Redos
added 2024/04/10 12:0 a.m. · 13 views

ROS-20240410-25

A vulnerability in e-Tugra root certificates of SSL Certifi's SSL certificate validation package is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute a man-in-the-middle attack...

CVSS 9.8 · AI score 7 · EPSS 0.00472
Exploits: 0
Redos
added 2024/04/08 12:0 a.m. · 24 views

ROS-20240408-16

A vulnerability in SendMail SMTP Server software is related to insufficient data authentication. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address...

CVSS 5.3 · AI score 6.9 · EPSS 0.01073
Exploits: 2
OSV
added 2024/03/06 11:3 a.m. · 49 views

BIT-PYTHON-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3 · AI score 6 · EPSS 0.0079
Exploits: 0 · References: 8
Positive Technologies
added 2023/11/22 12:0 a.m. · 3 views

PT-2023-9182 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified)
Description: The issue is related to insufficient data authentication in the Trend Micro Apex One security agent, which could allow a local attacker to escalate privileges on affected...

CVSS 7.8 · AI score 7.5 · EPSS 0.00354
Exploits: 0 · References: 13
Tenable Nessus
added 2023/11/03 12:0 a.m. · 19 views

Amazon Linux AMI : python27 (ALAS-2023-1876)

The version of python27 installed on the remote host is prior to 2.7.18-2.148. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1876 advisory. An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It...

CVSS 5.3 · AI score 7.2 · EPSS 0.0079
Exploits: 0 · References: 4
BDU FSTEC
added 2023/11/01 12:0 a.m. · 4 views

The vulnerability of the BIG-IP Edge installer client for macOS for BIG-IP software tools (such as APM and APM Clients) allows attackers to escalate their privileges.

The vulnerability of the BIG-IP Edge installer’s client for macOS, which relies on software tools like BIG-IP APM and APM Clients, is related to insufficient data authentication checks. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 7.8 · AI score 7.2 · EPSS 0.0014
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-9181 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified)
Description: The issue is related to insufficient data authentication in the Trend Micro Apex One security agent, allowing a local attacker to escalate privileges on affected installations...

CVSS 7.8 · AI score 8.1 · EPSS 0.00552
Exploits: 0 · References: 13
BDU FSTEC
added 2023/08/31 12:0 a.m. · 5 views

The vulnerability of the Zoom Desktop for Windows video conferencing software, related to insufficient data authentication checks, allows attackers to escalate their privileges.

The vulnerability of the Zoom Desktop for Windows video conferencing software lies in insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9 · AI score 7.5 · EPSS 0.00455
Exploits: 0 · References: 3 · Affected Software: 1
Debian CVE
added 2023/08/25 12:0 a.m. · 34 views

CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is...

CVSS 5.3 · AI score 7.1 · EPSS 0.0079
Exploits: 0
Positive Technologies
added 2023/08/03 12:0 a.m. · 5 views

PT-2023-4166 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.11.20 through 3.5.19.20
Description: The issue is related to insufficient data authentication in the CODESYS Development System, which may allow a remote attacker to modify the content of notifications...

CVSS 10 · AI score 7.5 · EPSS 0.01034
Exploits: 0 · References: 7
BDU FSTEC
added 2023/07/28 12:0 a.m. · 5 views

The vulnerabilities of firmware in Honeywell Experion PKS programmable logic controllers, Honeywell Experion LX measurement and control controllers, and the Experion PlantCruise distribution control system allow an intruder to gain unauthorized access to protected information.

The vulnerabilities of firmware in Honeywell Experion PKS programmable logic controllers, Honeywell Experion LX measurement and control controllers, and the Experion PlantCruise distribution control system are related to insufficient data authentication checks. Exploiting these...

CVSS 7.8 · AI score 7.8 · EPSS 0.00433
Exploits: 0 · References: 3
Tenable Nessus
added 2023/07/19 12:0 a.m. · 281 views

OpenSSL 3.0.0 < 3.0.10 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.10 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functio...

CVSS 5.3 · AI score 6.7 · EPSS 0.05533
Exploits: 0 · References: 13
Positive Technologies
added 2023/07/13 12:0 a.m. · 5 views

PT-2023-3878 · Honeywell · Honeywell Experion Pks +2

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS (affected versions not specified); Honeywell Experion LX (affected versions not specified); Experion PlantCruise (affected versions not specified)
Description: The issue is related to insufficient data authentication in the...

CVSS 9.8 · AI score 8 · EPSS 0.00433
Exploits: 0 · References: 9
CNNVD
added 2023/06/07 12:0 a.m. · 5 views

WordPress Plugin uListing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin uListing suffers from a...

CVSS 9.8 · AI score 8.4 · EPSS 0.014
Exploits: 1 · References: 4
BDU FSTEC
added 2023/01/04 12:0 a.m. · 6 views

The vulnerability of the SSH network protocol implementation in microprogrammable industrial network interfaces SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C arises from insufficient data authentication checks. This allows attackers to trigger service failures.

The vulnerability of the SSH network protocol implementation in microprogrammable industrial network interfaces such as SCALANCE SC622-2C, SC626-2C, SC632-2C, SC636-2C, SC642-2C, and SC646-2C is related to insufficient resource control during their lifespan. Exploiting this vulnerability could...

CVSS 6.8 · AI score 6.8 · EPSS 0.0087
Exploits: 0 · References: 4 · Affected Software: 6
BDU FSTEC
added 2023/01/03 12:0 a.m. · 4 views

The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller), as well as Citrix Gateway access control systems (formerly known as Citrix NetScaler Gateway), stems from insufficient verification of data authenticity. This allows attackers to gain access to servers configured in RDP proxy mode.

The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway access control systems (formerly known as Citrix NetScaler Gateway) is related to insufficient data authentication checks. Exploiting this...

CVSS 10 · AI score 8 · EPSS 0.00275
Exploits: 0 · References: 3 · Affected Software: 2
Prion
added 2022/12/08 4:15 p.m. · 15 views

Authorization

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link...

CVSS 1.7 · AI score 5.5 · EPSS 0.00148
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/12/05 12:0 a.m. · 12 views

PT-2022-6382 · Nvidia · Nvidia Geforce +5

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified); NVIDIA GeForce, Studio, RTX/Quadro, NVS, and Tesla (affected versions not specified)
Description: The issue is related to insufficient data authentication, which may allow an...

CVSS 7.8 · AI score 8.1 · EPSS 0.00115
Exploits: 0 · References: 3