Lucene search
K

56 matches found

OSV
OSV
added 2019/10/08 8:15 p.m.5 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

5.3CVSS6.1AI score0.00805EPSS
Exploits0References2
OSV
OSV
added 2019/04/02 2:29 p.m.3 views

CVE-2018-1680

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236...

7.5CVSS5.8AI score0.01484EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:4 a.m.33 views

Authorization Bypass

jboss-as-security is vulnerable to authorization bypass attacks. The vulnerability exists as the org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 uses the default security domain when a securi...

3.5CVSS5.8AI score0.01739EPSS
Exploits0References36Affected Software89
RedHat Linux
RedHat Linux
added 2016/04/13 1:6 a.m.44 views

samba: Smb signing not required by default when smb client connection is used for ipc usage

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...

5.9CVSS6.7AI score0.10232EPSS
Exploits0References5
CERT
CERT
added 2015/08/20 12:0 a.m.29 views

Dedicated Micros DVR products use plaintext protocols and require no password by default

Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...

10CVSS9.8AI score0.02941EPSS
Exploits1References5
CNVD
CNVD
added 2015/07/18 12:0 a.m.5 views

Juniper Junos IPv6 SEND Handling Denial of Service Vulnerability

Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A denial of service vulnerability exists in IPv6 sendd in Juniper Networks Junos. When the program is configured with the 'set protocols neighbor-discovery secure security-level default'...

5CVSS6.8AI score0.01759EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.4 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5CVSS5.7AI score0.01739EPSS
Exploits0References4
OSV
OSV
added 2014/04/17 2:55 p.m.2 views

DEBIAN-CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4CVSS7AI score0.01819EPSS
Exploits0References1
OSV
OSV
added 2014/04/17 2:55 p.m.3 views

UBUNTU-CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4CVSS5.8AI score0.01819EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/04/17 2:0 p.m.51 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4CVSS6.4AI score0.01819EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2014/03/04 7:10 p.m.5 views

PackStack: Neutron Security Groups fail to block network traffic

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4CVSS5.9AI score0.01819EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2008/09/22 1:2 p.m.6 views

Apache Tomcat's default security policy is too open

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

6.4CVSS6.1AI score0.05156EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/04/28 9:15 a.m.4 views

Apache Tomcat's default security policy is too open

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

6.4CVSS6.1AI score0.05156EPSS
Exploits1References4
Atlassian
Atlassian
added 2008/01/10 3:35 a.m.21 views

Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.

When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...

0.4AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2006/06/30 12:0 a.m.40 views

Cisco wireless access points unauthorized access

It's possible reset access point security settings to defaults...

3.4AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/07/12 12:0 a.m.25 views

Solaris 8 (x86) : 116442-01

SunOS 5.8x86: Solaris sadmind default sec. Date this patch was last updated by Sun : Feb/06/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

10CVSS6.7AI score0.69862EPSS
Exploits8References2
Rows per page
Query Builder