Lucene search
+L

82 matches found

OSV
OSV
added 2022/05/18 11:3 a.m.3 views

OESA-2022-1657 freerdp security update

FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0,...

9.8CVSS7.2AI score0.02752EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:50 a.m.31 views

Missing Release of Resource after Effective Lifetime in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.5CVSS4.4AI score0.01673EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/13 1:50 a.m.2 views

GHSA-2632-H32J-6RG9 Missing Release of Resource after Effective Lifetime in Jenkins

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials...

7.5CVSS6.8AI score0.01673EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2022/05/07 7:0 a.m.4 views

cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

...

5.3CVSS6.4AI score0.01866EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/05/03 6:37 a.m.44 views

CVE-2022-29869

A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs...

5.3CVSS1.9AI score0.01866EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/28 1:15 a.m.3 views

CVE-2022-29869

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign characters but is not a valid credentials file...

5.3CVSS6.8AI score0.01866EPSS
Exploits0References12
OSV
OSV
added 2022/04/26 4:15 p.m.5 views

UBUNTU-CVE-2022-24883

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server...

9.8CVSS7.3AI score0.02265EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/04/26 12:0 a.m.4 views

CVE-2022-24883 FreeRDP Server authentication might allow invalid credentials to pass

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server side authentication against a SAM file might be successful for invalid credentials if the server has configured an invalid SAM file path. FreeRDP based clients are not affected. RDP server...

7.4CVSS9.7AI score0.02265EPSS
Exploits0References9
OSV
OSV
added 2022/02/10 2:15 p.m.6 views

CVE-2021-45901

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists...

5.3CVSS5.8AI score0.14316EPSS
Exploits5References3
Huntr
Huntr
added 2022/01/21 9:57 a.m.21 views

in heroiclabs/nakama

Description It is possible to enumerate usernames via the Log-In function. Proof of Concept The login response provides information, whether the username is registered or not in the application. If the user is registered, and wrong password provided, the following information being displayed:...

2.6AI score
Exploits0
OSV
OSV
added 2021/12/23 10:15 p.m.8 views

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted...

5.3CVSS5.8AI score0.01117EPSS
Exploits1References2
NVD
NVD
added 2021/12/23 10:15 p.m.20 views

CVE-2020-35398

An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted...

5.3CVSS0.01117EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.5 views

Nch Software UTI Mutual fund 安全漏洞

Nch Software Uti Mutual Fund is an application for investing in mutual funds from Nch Software Australia. security vulnerability exists in versions of Nch Software UTI Mutual fund for Android prior to 5.4.18, which could be exploited by an attacker to forcibly enumerate user names identified by a...

5.3CVSS5.6AI score0.01117EPSS
Exploits1References3
Veeam
Veeam
added 2021/12/09 12:0 a.m.100 views

REST API Error: S3 Error: The difference between the request time and the current time is too large / Invalid Credentials for Amazon S3

Challenge This article covers two different errors that occur when performing different tasks, but have the same root cause: When adding S3 Object Storage to Veeam Console, Veeam displays the follow error: Failed to list S3 buckets: check if the specified account has required permissions REST API...

6.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/12/11 12:0 a.m.32 views

Cisco IOS Software Multiple DoS Vulnerabilities (cisco-sa-20180328-slogin)

According to its self-reported version, Cisco IOS Software is affected by two denial of service DoS vulnerabilities the Login Enhancements Login Block feature due to an attempt to free an area of memory that has not been previously allocated. An unauthenticated, remote attacker can trigger a relo...

7.1CVSS5.9AI score0.05032EPSS
Exploits0References5
OSV
OSV
added 2019/11/06 6:15 p.m.4 views

CVE-2019-6122

A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address...

3.1CVSS5.8AI score0.01044EPSS
Exploits1References2
OSV
OSV
added 2019/04/26 5:29 p.m.3 views

CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service DOS attack. This...

7.5CVSS7.2AI score0.01641EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2019/04/26 4:10 p.m.22 views

CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service DOS attack. This...

7.5CVSS8.7AI score0.01641EPSS
Exploits1
CVE
CVE
added 2019/04/26 4:10 p.m.140 views

CVE-2019-9809

CVE-2019-9809 affects Mozilla Firefox before 66.0. The issue arises when a page sources resources over FTP; invalid credentials or locations can trigger a series of modal alerts that cannot be dismissed, causing a denial of service. Affected product/version: Firefox

7.5CVSS7.5AI score0.01641EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/03/20 12:0 a.m.10 views

UBUNTU-CVE-2019-9809

If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service DOS attack. This...

7.5CVSS7.2AI score0.01641EPSS
Exploits1References5
Rows per page
Query Builder