Lucene search
K

284 matches found

Prion
Prion
added 2022/04/15 3:15 p.m.25 views

Authentication flaw

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of...

9.3CVSS9.6AI score0.1986EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/15 2:15 p.m.17 views

CVE-2022-20695 Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerability is due to the improper implementation of...

10CVSS10AI score0.1986EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.3 views

PT-2022-2222 · Cisco · Cisco Wireless Lan Controller +1

Name of the Vulnerable Software and Affected Versions: Cisco Wireless LAN Controller WLC Software versions 8.10.151.0 through 8.10.162.0 Description: A vulnerability in the authentication functionality of Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker t...

10CVSS9.7AI score0.1986EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/02/09 4:18 p.m.2 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.05773EPSS
Exploits0References4
OSV
OSV
added 2022/01/24 10:15 p.m.2 views

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...

9.8CVSS7.3AI score0.01169EPSS
Exploits0References1
Prion
Prion
added 2022/01/24 10:15 p.m.22 views

Authentication flaw

Unisys OS 2200 Messaging Integration Services NTSI 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated...

7.5CVSS9.6AI score0.01169EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2022/01/20 6:19 p.m.5 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.05773EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/01/13 3:25 p.m.4 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.05773EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/04 12:0 a.m.5 views

PT-2022-1406 · Django +6 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 through 2.2.25 Django versions 3.2 through 3.2.10 Django versions 4.0 through 4.0.0 Description: The issue is related to the UserAttributeSimilarityValidator component in the Django framework, which can cause significant...

9.8CVSS6.6AI score0.87218EPSS
Exploits29References603
OSV
OSV
added 2021/11/23 1:13 p.m.4 views

CLSA-2021-1637673193 Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

7.8CVSS7AI score0.01945EPSS
Exploits3References1
CloudLinux
CloudLinux
added 2021/11/23 1:13 p.m.81 views

Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

7.8CVSS3AI score0.01945EPSS
Exploits3References1
CloudLinux
CloudLinux
added 2021/11/10 6:27 p.m.67 views

Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

6.9CVSS7.3AI score0.01945EPSS
Exploits3References1
Github Security Blog
Github Security Blog
added 2021/09/23 11:18 p.m.67 views

Observable Discrepancy in Apache Kafka

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS6.7AI score0.05773EPSS
Exploits0References14Affected Software4
NVD
NVD
added 2021/09/22 9:15 a.m.22 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS0.05773EPSS
Exploits0References11
OSV
OSV
added 2021/09/22 9:15 a.m.37 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS5.7AI score
Exploits0References11
CVE
CVE
added 2021/09/22 9:5 a.m.423 views

CVE-2021-38153

CVE-2021-38153 : Apache Kafka components validate passwords/keys with Arrays.equals, enabling timing attacks that can aid brute-force attempts. Affected releases include Kafka 2.0.0–2.8.0. The issue is fixed in 2.8.1+ and in 3.0.0+. Remediation: upgrade to 2.8.1+ or 3.0.0+ where the vulnerability...

5.9CVSS6.2AI score0.05773EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2021/09/22 12:0 a.m.41 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS6.8AI score0.05773EPSS
Exploits0References1
Huntr
Huntr
added 2021/09/08 11:40 p.m.19 views

in weseek/growi

✍️ Description You should check and validate the password when users registering, any user able to use a weak password like aaaaaa also you don't have any rate limit for incorrect passwords that cause to easily perform Bruteforce attacks against your users that have weak passwords. 💥 Impact This...

6.4CVSS2AI score0.00535EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/09/08 7:22 p.m.16 views

Important: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.8.4-1 - Container

Red Hat Ansible Tower 3.8.4-1 - Container Running inventories of 60k hosts no longer takes a very long time for events to show up Removed artifactdata from data sent to analytics as part of playbookonstats, since artifactdata can contain PII or sensitive data Regular users are no longer...

9.8CVSS7AI score0.52838EPSS
Exploits12
Snyk
Snyk
added 2021/08/13 10:23 a.m.3 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users. Remediation Upgrade org.apache.kafka:connect-runtime to version 2.8.1, 2.7.2 ...

6.8CVSS8.5AI score0.05773EPSS
Exploits0References2
Rows per page
Query Builder