Lucene search
+L

290 matches found

Veracode
Veracode
added 2023/01/03 3:29 a.m.22 views

Information Disclosure

kiwitcms is vulnerable to information disclosure. The vulnerability exists because the common.py does not enable the password validators to avoid users choosing weak passwords when the users register new accounts or change passwords, allowing an attacker to guess the password...

8.8CVSS8.1AI score0.00681EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/01/02 4:15 p.m.35 views

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

8.8CVSS7.2AI score0.00681EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/02 3:56 p.m.9 views

CVE-2023-22451 Weak password requirements in Kiwi TCMS

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

6.5CVSS7.3AI score0.00681EPSS
Exploits0References3
CVE
CVE
added 2023/01/02 3:56 p.m.119 views

CVE-2023-22451

Kiwi TCMS (open source test management) has a CVE-2023-22451 vulnerability where versions ≤11.6 allow weak passwords during account creation or password changes due to missing validation. The root cause is insufficient password validation, mitigated in version 11.7 by defaults for AUTH_PASSWORD_V...

8.8CVSS7.6AI score0.00681EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/02 3:56 p.m.23 views

CVE-2023-22451 Weak password requirements in Kiwi TCMS

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

6.5CVSS8.7AI score0.00681EPSS
Exploits0References5
hivepro
hivepro
added 2022/11/23 12:13 p.m.63 views

Atlassian Addresses Issues in Crowd and Bitbucket Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...

3AI score0.98076EPSS
Exploits3
Veracode
Veracode
added 2022/11/08 10:33 a.m.30 views

Authentication Bypass

dovecot, edge is vulnerable to improper authentication. The vulnerability exists due to lack of password validation in dovecot, edge which allows a remote attacker access confidential information in the system...

8.8CVSS8.2AI score0.02071EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/09/08 1:15 p.m.19 views

CVE-2022-20923

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...

9.8CVSS0.0087EPSS
Exploits0References1
Prion
Prion
added 2022/09/08 1:15 p.m.24 views

Authentication flaw

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...

7.5CVSS9.7AI score0.0087EPSS
Exploits0References1Affected Software4
Vulnrichment
Vulnrichment
added 2022/09/08 12:30 p.m.14 views

CVE-2022-20923 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...

4CVSS7.5AI score0.0087EPSS
Exploits0References1
Cisco
Cisco
added 2022/09/07 4:0 p.m.53 views

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper...

4CVSS0.9AI score0.0087EPSS
Exploits0References1
Nextcloud
Nextcloud
added 2022/09/01 4:50 a.m.51 views

Generated passwords are not fully validated by HIBPValidator

None...

2.7CVSS4.5AI score0.00384EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.14 views

Ubuntu: Security Advisory (USN-868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.8AI score0.00571EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/07/19 1:40 p.m.5 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.06252EPSS
Exploits0References4
NVD
NVD
added 2022/07/18 12:15 a.m.19 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS0.0103EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/18 12:15 a.m.5 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS7.2AI score0.0103EPSS
Exploits1References2
OSV
OSV
added 2022/07/18 12:15 a.m.4 views

DEBIAN-CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS8.6AI score0.0103EPSS
Exploits1References1
OSV
OSV
added 2022/07/18 12:15 a.m.24 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS7.2AI score
Exploits0References1
Prion
Prion
added 2022/07/18 12:15 a.m.27 views

Design/Logic Flaw

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

7.5CVSS9.6AI score0.0103EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/07/18 12:15 a.m.38 views

CVE-2021-40874

An issue was discovered in LemonLDAP::NG aka lemonldap-ng 2.0.13. When using the RESTServer plug-in to operate a REST password validation service for another LemonLDAP::NG instance, for example and using the Kerberos authentication method combined with another method with the Combination...

9.8CVSS7.2AI score0.0103EPSS
Exploits1References3
Rows per page
Query Builder