Lucene search
K

167 matches found

Prion
Prion
added 2022/10/12 9:15 p.m.32 views

Authentication flaw

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2...

5CVSS7.5AI score0.01348EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.7 views

HCL Technologies HCL Verse 信任管理问题漏洞

HCL Technologies HCL Verse is a mobile application from HCL Technologies India that allows access to emails and life plan management.A security vulnerability exists in versions of HCL Technologies HCL Verse for Android prior to version 12.0.9, which stems from a server setup and login process in...

6.3CVSS6AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2022/04/09 5:15 p.m.2 views

CVE-2022-28363

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability XSS in the /goform/loginprocess username parameter via GET. No authentication is required...

6.1CVSS5.7AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/04/09 5:15 p.m.8 views

CVE-2022-28363

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability XSS in the /goform/loginprocess username parameter via GET. No authentication is required...

6.1CVSS5.8AI score0.04267EPSS
Exploits3References5
CNNVD
CNNVD
added 2022/04/09 12:0 a.m.4 views

Reprise Software Reprise License Manager 跨站脚本漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. A cross-site scripting vulnerabilit...

6.1CVSS5.9AI score0.04267EPSS
Exploits3References5
NVD
NVD
added 2022/03/22 4:15 p.m.22 views

CVE-2021-43650

WebRun 3.6.0.42 is vulnerable to SQL Injection via the P0 parameter used to set the username during the login process...

9.8CVSS0.06158EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2021/12/13 4:15 a.m.3 views

CVE-2021-44155

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5.3CVSS6AI score0.01846EPSS
Exploits3References4
OSV
OSV
added 2021/12/13 4:15 a.m.4 views

CVE-2021-44155

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5.3CVSS5.8AI score0.01846EPSS
Exploits3References3
NVD
NVD
added 2021/12/13 4:15 a.m.24 views

CVE-2021-44155

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5.3CVSS0.01846EPSS
Exploits3References3
Prion
Prion
added 2021/12/13 4:15 a.m.14 views

Design/Logic Flaw

An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...

5CVSS5.2AI score0.01846EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2021/12/13 12:0 a.m.50 views

CVE-2021-44155

The CVE describes a user-enumeration flaw in Reprise License Manager (RLM) 14.2 affecting the /goform/login_process API. When attempting to log in, the response reveals a valid username by returning a “Login Failed” message, whereas an invalid username does not include that string, enabling an at...

5.3CVSS5.1AI score0.01846EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2021/10/04 12:0 a.m.3 views

Docker 信息泄露漏洞

Docker is an open source application container engine from the American company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrading of applications...

7.5CVSS6.4AI score0.01536EPSS
Exploits0References15
NVD
NVD
added 2021/09/15 10:15 p.m.25 views

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

10CVSS0.99556EPSS
Exploits9References4
NVD
NVD
added 2021/09/15 10:15 p.m.21 views

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

10CVSS0.99871EPSS
Exploits12References4
Cvelist
Cvelist
added 2021/09/15 9:50 p.m.29 views

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

9.9AI score0.99556EPSS
Exploits9References3
Cvelist
Cvelist
added 2021/09/15 9:36 p.m.29 views

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

9.9AI score0.99871EPSS
Exploits12References3
Vulnrichment
Vulnrichment
added 2021/09/15 9:36 p.m.30 views

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

7.4AI score0.99871EPSS
Exploits12References3
ATTACKERKB
ATTACKERKB
added 2021/09/15 12:0 a.m.31 views

CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Recent assessments: cbeek-r7 at September 06, 2024 6:04pm UTC reported: On September 5th 2024, CISA...

10CVSS9.6AI score0.99871EPSS
In wildExploits13References4
Cvelist
Cvelist
added 2021/07/30 9:8 p.m.31 views

CVE-2021-27495

Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint...

7.1AI score0.0081EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/01/20 12:0 a.m.38 views

EulerOS 2.0 SP3 : dovecot (EulerOS-SA-2021-1064)

According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource...

7.5CVSS6.6AI score0.05215EPSS
Exploits2References3
Rows per page
Query Builder