Lucene search
K

115 matches found

CNNVD
CNNVD
added 2023/09/27 12:0 a.m.4 views

One Identity Password Manager Security Vulnerability

One Identity Password Manager is a web platform for providing authentication from US-based One Identity. A security vulnerability exists in One Identity Password Manager version 5.9.7.1 that originates from allowing an attacker with physical access to elevate privileges to SYSTEM...

7.6CVSS6.6AI score0.00473EPSS
Exploits0References2
Broadcom
Broadcom
added 2023/06/13 12:0 a.m.45 views

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.5AI score0.02383EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/03 12:0 a.m.24 views

GLSA-202305-09 : syslog-ng: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202305-09 syslog-ng: Denial of Service - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the...

7.5CVSS7.4AI score0.02383EPSS
Exploits0References3
Prion
Prion
added 2023/01/23 4:15 p.m.23 views

Integer overflow

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

5CVSS7.5AI score0.02383EPSS
Exploits0References7Affected Software2
UbuntuCve
UbuntuCve
added 2023/01/23 4:15 p.m.56 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.2AI score0.02383EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/01/23 12:0 a.m.24 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.6AI score0.02383EPSS
Exploits0
Cvelist
Cvelist
added 2023/01/23 12:0 a.m.43 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.8AI score0.02383EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/01/23 12:0 a.m.8 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.8AI score0.02383EPSS
Exploits0References7
OSV
OSV
added 2023/01/23 12:0 a.m.24 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.5AI score0.02383EPSS
Exploits0References9
CVE
CVE
added 2023/01/23 12:0 a.m.103 views

CVE-2022-38725

The CVE-2022-38725 issue is an integer overflow in the RFC3164 parser of One Identity syslog-ng 3.0 through 3.37, leading to Denial of Service when processing crafted syslog input. Affected products also include syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0. Multiple connected s...

7.5CVSS7.4AI score0.02383EPSS
Exploits0References7Affected Software2
AlpineLinux
AlpineLinux
added 2023/01/23 12:0 a.m.18 views

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

7.5CVSS7.7AI score0.02383EPSS
Exploits0
OSV
OSV
added 2020/11/13 7:15 p.m.5 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5.3CVSS6.1AI score0.00861EPSS
Exploits0References1
NVD
NVD
added 2020/11/13 7:15 p.m.11 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5.3CVSS5.3AI score0.00861EPSS
Exploits0References1
Prion
Prion
added 2020/11/13 7:15 p.m.11 views

Default credentials

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5CVSS5.3AI score0.00861EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/13 6:55 p.m.18 views

CVE-2020-7962

An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is...

5.3AI score0.00861EPSS
Exploits0References1
CVE
CVE
added 2020/11/13 6:55 p.m.55 views

CVE-2020-7962

CVE-2020-7962 affects One Identity Password Manager 5.8. An attacker can enumerate valid answers for a user by distinguishing response content; a valid answer can be detected because WRONG ID is only returned when the answer is incorrect. This can enable reuse of a correct answer for later passwo...

5.3CVSS5.3AI score0.00861EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/11/05 12:0 a.m.1 views

One Identity Cloud Access Manager Cross-Site Request Forgery Vulnerability

One Identity Cloud Access Manager CAM is a Web-based access management solution from US-based One Identity. The product supports single sign-on, multi-factor authentication, access control and auditing. A cross-site request forgery vulnerability exists in One Identity CAM versions prior to 8.1.4...

6.5CVSS6.8AI score0.00732EPSS
Exploits2References1
NVD
NVD
added 2019/11/04 6:15 p.m.19 views

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

6.5CVSS6.6AI score0.00732EPSS
Exploits2References2
OSV
OSV
added 2019/11/04 6:15 p.m.4 views

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

6.5CVSS6.6AI score0.00732EPSS
Exploits2References2
NVD
NVD
added 2019/11/04 5:15 p.m.21 views

CVE-2019-13496

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response...

8.1CVSS7.9AI score0.00849EPSS
Exploits2References2
Rows per page
Query Builder