Lucene search
K

80 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.14 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

6.5CVSS7.3AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:31 a.m.9 views

CVE-2013-3280

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash...

7.5CVSS7AI score0.0228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 3:14 a.m.8 views

CVE-2025-32028

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS6.9AI score0.01838EPSS
Exploits1References1
NVD
NVD
added 2025/04/08 4:15 p.m.19 views

CVE-2025-32028

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS0.01838EPSS
Exploits1References1
NVD
NVD
added 2024/09/25 5:15 p.m.33 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

6.5CVSS0.00417EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:53 a.m.26 views

BIT-CONSUL-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.3AI score0.0174EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.5 views

PT-2023-9658 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Cisco UTD Snort IPS Engine could allow an unauthenticated, remote...

6.5CVSS7.3AI score0.00417EPSS
Exploits0References8
OSV
OSV
added 2023/11/07 8:15 p.m.2 views

DEBIAN-CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

6.5CVSS6.7AI score0.01151EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/11/07 7:14 p.m.60 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0
CNVD
CNVD
added 2023/06/30 12:0 a.m.24 views

Cisco Duo Authentication Error Vulnerability

Cisco Duo is a fully managed solution from Cisco, Inc. Provides secure access to your applications and data. An authentication error vulnerability exists in Cisco Duo Two-Factor Authentication, which arises from incorrectly handling responses from Cisco Duo when the application is configured to...

6.6CVSS6.6AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2023/06/28 3:15 p.m.2 views

CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...

6.6CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/21 4:0 p.m.4 views

CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...

6.6CVSS6.7AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2021/07/17 6:15 p.m.21 views

CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.4AI score
Exploits0References4
Prion
Prion
added 2021/07/17 6:15 p.m.26 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

5CVSS7.3AI score0.0174EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/07/17 6:15 p.m.3 views

UBUNTU-CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.1AI score0.0174EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2021/07/17 6:15 p.m.23 views

CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.1AI score0.0174EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/07/15 11:29 p.m.6 views

Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using defaultpolicy = "deny" with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. This vulnerability, CVE-2021-36213,...

7.5CVSS6.5AI score0.0174EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/10/15 10:15 a.m.23 views

CVE-2020-7326

Improperly implemented security check in McAfee Active Response MAR prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed...

6.7CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 2018/11/27 1:29 p.m.15 views

CVE-2018-17953

A incorrect variable in a SUSE specific patch for pamaccess rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pamaccess rules not being applied fail open...

9.3CVSS7.6AI score0.01342EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/27 1:0 p.m.17 views

CVE-2018-17953 pam_access does not handle netmask matches correctly

A incorrect variable in a SUSE specific patch for pamaccess rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pamaccess rules not being applied fail open...

7.5CVSS7.9AI score0.01342EPSS
Exploits0References1
Rows per page
Query Builder