3858 matches found

CNNVD
added 2021/05/11 12:0 a.m. · 7 views

OctoPrint Cross-Site Scripting Vulnerability

OctoPrint is an application that provides a fast web interface for controlling consumer 3D printers. A cross-site request vulnerability existed prior to OctoPrint version 1.6.0. The vulnerability originated in the program because an API error message included the value of an input parameter. No...

6.1 CVSS · 5.3 AI score · 0.01143 EPSS
Exploits 1 · References 4

ICS
added 2021/05/11 12:0 a.m. · 39 views

Siemens Mendix Excel Importer Module

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mendix, a subsidiary of Siemens Equipment: Mendix Excel Importer Module Vulnerability: Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this...

4.3 CVSS · 4.8 AI score · 0.00761 EPSS
Exploits 0 · References 11

Citrix
added 2021/04/29 12:0 a.m. · 6 views

Receiver for Chromebook Users Cannot Log On to Access Gateway Enterprise Edition

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. Users running the Receiver for Chromebook 1.0 cannot log on to Access Gateway Enterprise Edition...

7 AI score
Exploits 0

RedhatCVE
added 2021/04/27 7:17 p.m. · 25 views

CVE-2021-3513

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...

7.5 CVSS · 1.6 AI score · 0.00661 EPSS
Exploits 0 · References 3

Cvelist
added 2021/04/22 9:0 p.m. · 23 views

CVE-2021-24232 Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)

The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue...

5.5 AI score · 0.0062 EPSS
Exploits 2 · References 1

Prion
added 2021/04/15 12:15 a.m. · 19 views

Information disclosure

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

4 CVSS · 4.1 AI score · 0.0161 EPSS
Exploits 0 · References 1 · Affected Software 4

Citrix
added 2021/04/15 12:0 a.m. · 5 views

Mac Receiver Launches Application and Closes Abruptly

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. User is unable to log on from a MacBook using the Citrix Receiver for Mac. The session opens and...

7 AI score
Exploits 0

CNNVD
added 2021/04/14 12:0 a.m. · 5 views

Atlassian Jira Server & Data Center Security Vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...

4.3 CVSS · 5.6 AI score · 0.0161 EPSS
Exploits 0 · References 2

Prion
added 2021/03/29 8:15 p.m. · 12 views

Code injection

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message...

5 CVSS · 5.3 AI score · 0.01149 EPSS
Exploits 0 · References 3 · Affected Software 1

Citrix
added 2021/03/26 12:0 a.m. · 12 views

Citrix PVS: Target Devices giving error message "login request timed out" after Power Outage

After an interruption in service, some target devices are giving an error "login request timed out"...

7.2 AI score
Exploits 0

CNVD
added 2021/03/25 12:0 a.m. · 9 views

GitLab EE Information Disclosure Vulnerability (CNVD-2021-22909)

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. GitLab EE has an information disclosure vulnerability. The...

4.3 CVSS · 6.1 AI score · 0.00831 EPSS
Exploits 0 · References 1

Positive Technologies
added 2021/03/24 12:0 a.m. · 4 views

PT-2021-14884 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.4 and later Description: An issue was identified that leaked internal IP address via error messages. Recommendations: For GitLab EE versions 13.4 and later, at the moment, there is no information about a newer version th...

4.3 CVSS · 4.2 AI score · 0.00831 EPSS
Exploits 0 · References 11

Citrix
added 2021/03/24 12:0 a.m. · 6 views

"Http/1.1 Internal Server Error 43531" when accessing Citrix Gateway after upgrading to version 13.0

Users will get the error "Http/1.1 Internal Server Error 43531" The ns.log will give error as below: Dec 23 14:52:26 , aaainfo flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain , ssoUsername: , ssoUsername2: " Dec 23 14:52:26 XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT...

7.2 AI score
Exploits 0

Citrix
added 2021/03/23 12:0 a.m. · 14 views

SAML + LDAP using Nfactor gives error "You are not allowed to login. Please contact your administrator"

After hitting Netscaler for login, you are redirected to SAML and successfully login. Afterwards, you are redirected back to Netscaler and receive the error "You are not allowed to login. Please contact your administrator"...

7 AI score
Exploits 0

Citrix
added 2021/03/22 12:0 a.m. · 7 views

Unable to Open Attachment in SecureMail More Than Certain Size

When attempting to open an attachment in Secure Mail which is greater than 'x' MB, it fails to open. The following error appears: "Sorry. There was a problem downloading this file" Example: Attachment 10MB or greater fails to open However, attachment with 9 MB or smaller size opens without any is...

7 AI score
Exploits 0

GithubExploit
added 2021/03/19 6:28 p.m. · 130 views

Exploit for Generation of Error Message Containing Sensitive Information in Zohocorp Manageengine_Servicedesk_Plus_Msp

Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User...

5.3 CVSS · 5.9 AI score · 0.17772 EPSS
Exploits 5

Hacker One
added 2021/03/16 8:39 p.m. · 14 views

HackerOne: Used email confirmation link reveals the email address which is tied to it

Summary: If an attacker finds an used email confirmation link the token is in URL s/he will be able to see the email address which is tied to the confirmation link ID. The attack itself is pretty unlikely but the application should show the generic error message like The confirmation ID is invali...

0.5 AI score
Exploits 0

OSV
added 2021/03/11 7:25 p.m. · 3 views

SUSE-SU-2021:0771-1 Security update for crmsh

This update for crmsh fixes the following issues: - Update to version 3.0.4+git.1614156978.4c1dc46d: Fix: hbreport: walk through hbreport process under haclusterCVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571 Fix: bootstrap: setup authorized ssh access for haclusterCVE-2020-35459, bsc117999...

8.8 CVSS · 7.9 AI score · 0.00994 EPSS
Exploits 1 · References 8

Veracode
added 2021/03/04 4:4 a.m. · 19 views

Cross-site Scripting (XSS)

github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user's browser via a malicious error message...

4.8 CVSS · 3.8 AI score · 0.00535 EPSS
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2021/03/03 9:52 a.m. · 3 views

CVE-2021-23347

The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...

4.8 CVSS · 5.4 AI score · 0.00535 EPSS
Exploits 0 · References 3