Lucene search
K

320 matches found

Cvelist
Cvelist
added 2024/11/15 2:54 p.m.22 views

CVE-2023-20154 Cisco Modeling Labs External Authentication Bypass Vulnerability

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated...

9.1CVSS0.00895EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

Cisco Modeling Labs 安全漏洞

Cisco Modeling Labs is a software application from Cisco, Inc. A local network simulation tool that runs on workstations and servers. A security vulnerability exists in Cisco Modeling Labs that stems from the improper handling of certain messages returned by the associated external authentication...

9.1CVSS7.1AI score0.00895EPSS
Exploits0References1
PyPA
PyPA
added 2024/11/06 3:15 p.m.10 views

PYSEC-2024-183

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...

8.7CVSS7.1AI score0.00472EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.5 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 8:40 p.m.29 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

7.5CVSS6.1AI score0.01433EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/09/04 2:52 p.m.5 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/04 2:52 p.m.12 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/04 2:48 p.m.7 views

puppet-foreman: An authentication bypass vulnerability exists in Foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References4
NVD
NVD
added 2024/09/04 2:15 p.m.52 views

CVE-2024-7012

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS0.00769EPSS
Exploits0References6
CVE
CVE
added 2024/09/04 1:41 p.m.129 views

CVE-2024-7012

CVE-2024-7012 describes an authentication bypass in Foreman when deployed with External Authentication, caused by Apache’s mod_proxy failing to unset headers due to underscore handling in HTTP headers. The issue, as stated, could allow an unauthorized user to gain administrative access on all act...

9.8CVSS9.5AI score0.00769EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/09/04 1:41 p.m.4 views

CVE-2024-7012 Puppet-foreman: an authentication bypass vulnerability exists in foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

9.8CVSS5.7AI score0.00769EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.5 views

PT-2024-38030

Name of the Vulnerable Software and Affected Versions Foreman versions 6.13 through 6.15 Foreman with Gunicorn versions prior to 22.0 Description An authentication bypass issue has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This...

9.8CVSS9.8AI score0.00769EPSS
Exploits0References23
Citrix
Citrix
added 2024/07/16 12:0 a.m.12 views

Hotfix XS82ECU1066 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described in CTX691115 - XenServer and Citrix Hypervisor Security Update for CVE-2024-31143 and CVE-2024-31144 should install this hotfix...

7.5CVSS8.1AI score0.00507EPSS
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.21 views

Error: The Pool Failed to Enable External Authentication in XenServer

When attempting to enable external pool authentication in a XenServer 5.6 Feature Pack 1 pool, the operation fails with one or more of the following errors: “Error: The pool failed to enable external authentication.” “Error: Enabling Active Directory Authentication on pool '' - Could not enable...

7.3AI score
Exploits0
Amazon
Amazon
added 2024/06/24 12:0 a.m.4 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...

8.6CVSS7.2AI score0.00751EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/08 10:36 p.m.65 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...

9.8CVSS9.1AI score0.99999EPSS
Exploits23Affected Software1
OSV
OSV
added 2024/03/06 10:59 a.m.26 views

BIT-GRAFANA-2021-28147

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...

6.5CVSS6.7AI score0.0161EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.24 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...

8.6CVSS6.7AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.41 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...

8.6CVSS6.6AI score0.00751EPSS
Exploits0References12
Amazon
Amazon
added 2024/03/05 12:0 a.m.5 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...

8.6CVSS7.1AI score0.00751EPSS
Exploits0
Rows per page
Query Builder