
55 matches found

Positive Technologies
added 2022/08/19 12:0 a.m. · 5 views

PT-2022-18671 · Emerson Electric · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior.
Description: The issue concerns insufficient verification of data authenticity, which can cause the software to display logic that differs from the compiled logic...

5.5 CVSS · 5.3 AI score · 0.00117 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/07/18 12:0 a.m. · 5 views

The vulnerability of the Thunderbird email client, related to insufficient verification of data authenticity, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Thunderbird email client stems from insufficient verification of data authenticity when the space character is used in the Braille table. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sendi...

7.6 CVSS · 6.8 AI score · 0.0038 EPSS
Exploits 0 · References 12 · Affected Software 7

BDU FSTEC
added 2022/06/24 12:0 a.m. · 5 views

The vulnerability of the check function of the Cisco Adaptive Security Device Manager (ASDM) in the Cisco Adaptive Security Appliance Software (ASA) allows a hacker to execute arbitrary code.

The vulnerability of the Cisco Adaptive Security Device Manager ASDM verification function in the Cisco Adaptive Security Appliance Software ASA lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafte...

10 CVSS · 7.9 AI score · 0.03206 EPSS
Exploits 1 · References 3 · Affected Software 2

BDU FSTEC
added 2022/05/17 12:0 a.m. · 4 views

The vulnerability of the Datagram TLS implementation in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.

The vulnerability of the Datagram TLS implementation in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to induce service failure through specially created DTLS traffic...

5.8 CVSS · 7.2 AI score · 0.00666 EPSS
Exploits 0 · References 4 · Affected Software 2

CNNVD
added 2022/02/09 12:0 a.m. · 3 views

Dell Client Commercial Data Forgery Vulnerability

Dell Client Commercial is a line of workstation equipment from Dell, Inc. The Dell Client Commercial has a security vulnerability that stems from the device's susceptibility to an insufficient data authentication vulnerability. An authenticated attacker could use this vulnerability to install...

5.1 CVSS · 5.6 AI score · 0.00136 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2021/09/20 12:0 a.m. · 5 views

The vulnerability of the Open vSwitch network service provided by Neutron, related to insufficient data authentication checks, allows attackers to access confidential data and cause service failures.

The vulnerability of the Open vSwitch network service provided by Neutron relates to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, as well as cause service failures through specially crafted packets...

7.1 CVSS · 6.6 AI score · 0.01015 EPSS
Exploits 0 · References 7 · Affected Software 2

OpenVAS
added 2021/08/13 12:0 a.m. · 28 views

OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Windows

OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is fre...

5 CVSS · 6.5 AI score · 0.13718 EPSS
Exploits 0 · References 1

OpenVAS
added 2021/08/13 12:0 a.m. · 21 views

OpenSSL: Timing-based attacks on SSL/TLS with CBC encryption (CVE-2003-0078) - Linux

OpenSSL is prone to timing-based attacks on SSL/TLS with CBC encryption. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is fre...

5 CVSS · 6.5 AI score · 0.13718 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/03/04 12:0 a.m. · 3 views

PT-2020-5141 · Cncf · Envoy

Name of the Vulnerable Software and Affected Versions: CNCF Envoy versions prior to 1.13.0.
Description: The issue is related to insufficient authentication of data in the Envoy network software. It allows a remote attacker to bypass security restrictions by using only TLS 1.3, which could lead to...

5.3 CVSS · 6.3 AI score · 0.00606 EPSS
Exploits 0 · References 10

BDU FSTEC
added 2020/02/03 12:0 a.m. · 5 views

The vulnerability of the automatic update function of the security service for Umbrella Roaming Client for Windows allows a hacker to install arbitrary applications on the target device.

The vulnerability of the automatic update function for the Umbrella Roaming Client security service for Windows devices relates to insufficient data authentication checks. Exploiting this vulnerability could allow attackers to install arbitrary applications on target devices...

4.6 CVSS · 5.6 AI score · 0.00183 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2019/07/30 9:15 p.m. · 34 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1 CVSS · 8.1 AI score · 0.00668 EPSS
Exploits 1 · References 3

NVD
added 2019/07/17 2:15 p.m. · 19 views

CVE-2019-1010084

Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unauthorised access to data. The component is: Incorrect calls to ensureauth wrapper result in authentication-checking not being applied to all routes...

6.5 CVSS · 6.5 AI score · 0.01131 EPSS
Exploits 0 · References 1

CNVD
added 2019/06/10 12:0 a.m. · 2 views

Cloudera Manager Cross-Site Scripting Vulnerability

Cloudera Manager is a suite of Hadoop data management software from Cloudera. The software supports creating clusters, authentication, data backup and recovery, and more. A cross-site scripting vulnerability exists in Cloudera Manager. The vulnerability stems from the lack of proper authenticatio...

6.1 CVSS · 6.6 AI score · 0.00654 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2018/08/10 6:29 p.m. · 6 views

CVE-2018-10626

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...

4.4 CVSS · 6.1 AI score · 0.00361 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2004/11/10 12:0 a.m. · 34 views

Debian DSA-566-1 : cupsys - unsanitised input

An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files. The used patch only eliminates the authentication information in the device URI which is...

2.1 CVSS · 5.3 AI score · 0.00445 EPSS
Exploits 0 · References 2