284 matches found

Snyk
added 2021/08/13 10:23 a.m., 3 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack. Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to brute force attacks by malicious users. Remediation: Upgrade org.apache.kafka:connect-runtime to version 2.8.1, 2.7.2 ...

CVSS 6.8, AI score 8.5, EPSS 0.05773
Exploits 0, References 2

Huntr
added 2021/07/30 11:7 a.m., 9 views

in erudika/scoold

✍️ Description: You should check and validate the password when users are registering; any user is able to use a weak password like aaaaa. Also, you don't have any rate limit for incorrect passwords, which makes it easy to perform brute-force attacks against your users that have weak passwords. 💥 Impact: This...

AI score 2
Exploits 0

CNNVD
added 2021/06/25 12:0 a.m., 4 views

Hewlett Packard Enterprise BackBox Authorization Issue Vulnerability

Hewlett Packard Enterprise BackBox, from the U.S. company Hewlett Packard Enterprise, provides the functionality needed to deploy HPE Uninterruptible BackBox products into your backup and recovery operations. Hewlett Packard Enterprise BackBox has an authorization issue vulnerability that stems from the...

CVSS 8.1, AI score 7.7, EPSS 0.00905
Exploits 0, References 2

OSV
added 2021/06/08 7:15 p.m., 15 views

CVE-2021-22221

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited...

CVSS 6.5, AI score 6.6, EPSS 0.00767
Exploits 0, References 2

OSV
added 2021/06/08 7:15 p.m., 3 views

UBUNTU-CVE-2021-22221

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2. Insufficient expired password validation in various operations allows a user to maintain limited...

CVSS 6.5, AI score 5.7, EPSS 0.00767
Exploits 0, References 2

RedHat Linux
added 2021/03/17 3:8 p.m., 80 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.4 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.7, AI score 6.8, EPSS 0.01636
Exploits 0, References 7

CNVD
added 2021/01/29 12:0 a.m., 7 views

Apache ActiveMQ Authorization Issues Vulnerability

Apache ActiveMQ is open source messaging middleware from the Apache Foundation (United States) that supports Java messaging services, clustering, Spring Framework and so on. An authorization issue vulnerability exists in the Apache ActiveMQ LDAP login module, which stems from an...

CVSS 7.5, AI score 8, EPSS 0.11239
Exploits 0, References 1

Positive Technologies
added 2021/01/27 12:0 a.m., 5 views

PT-2021-16958

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 2.16.0; Apache ActiveMQ versions prior to 5.16.1; Apache ActiveMQ versions prior to 5.15.14. Description: The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP serve...

CVSS 10, AI score 7.7, EPSS 0.99654
Exploits 31, References 76

Veracode
added 2020/08/20 7:39 a.m., 20 views

Privilege Escalation

nodebb is vulnerable to privilege escalation. Lack of correct password validation logic allows an attacker to send a malicious socket.io call to update the password of any user on a running NodeBB forum to takeover the account...

CVSS 9.9, AI score 3.6, EPSS 0.02434
Exploits 2, References 4, Affected Software 1

NVD
added 2020/08/06 10:15 p.m., 13 views

CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...

CVSS 7.5, AI score 7.4, EPSS 0.01342
Exploits 0, References 2

Prion
added 2020/08/06 10:15 p.m., 14 views

Input validation

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...

CVSS 5, AI score 7.4, EPSS 0.01342
Exploits 0, References 2, Affected Software 2

ATTACKERKB
added 2020/08/06 10:15 p.m., 2 views

CVE-2020-15115

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort...

CVSS 7.5, AI score 5.4, EPSS 0.01342
Exploits 0, References 4, Affected Software 1

CVE
added 2020/08/06 9:55 p.m., 93 views

CVE-2020-15115

CVE-2020-15115 is an etcd password-management vulnerability affecting versions prior to 3.3.23 and 3.4.10, where there is no password length validation. The description indicates an attacker could brute-force or guess short passwords (potentially length 1) with little computational effort. The co...

CVSS 7.5, AI score 6.5, EPSS 0.01342
Exploits 0, References 2, Affected Software 1

0day.today
added 2020/02/03 12:0 a.m., 157 views

phpList 3.5.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications. Exploit Title: phpList 3.5.0 - Authentication Bypass; Exploit Author: Suvadip Kar; Author Contact: https://twitter.com/spidersec; Vendor Homepage: https://www.phplist.org; Software Link: https://www.phplist.org/download-phplist/; Version: 3.5.0...

AI score 7.1
Exploits 0

FreeBSD
added 2019/11/18 12:0 a.m., 10 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.0: Never allow an empty password to validate (9682, 9683); Prevent redirect to Host (9678, 9679); Swagger hide search field (9554); Add "search" to reserved usernames (9063); Switch to fomantic-ui (9374); Only serve attachments when linked to issue/release and if accessible...

AI score 0.1
Exploits 0, References 2

Prion
added 2019/08/06 2:15 p.m., 15 views

Code injection

cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)...

CVSS 5, AI score 7.1, EPSS 0.00767
Exploits 0, References 1, Affected Software 1

CVE
added 2019/08/06 1:1 p.m., 46 views

CVE-2016-10791

CVE-2016-10791 affects cPanel before 60.0.15. The issue arises because the product does not ensure that system accounts lack a valid password, which can render logins impossible (CPANEL-9559). Connected sources consistently describe the same flaw, with no explicit details on affected versions bey...

CVSS 5.3, AI score 5.3, EPSS 0.00767
Exploits 0, References 1, Affected Software 1

NVD
added 2019/07/25 5:15 p.m., 13 views

CVE-2019-9884

eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...

CVSS 10, AI score 9.6, EPSS 0.0296
Exploits 1, References 3

OSV
added 2019/07/25 5:15 p.m., 4 views

CVE-2019-9884

eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...

CVSS 9.8, AI score 5.8, EPSS 0.0296
Exploits 1, References 3

Prion
added 2019/07/25 5:15 p.m., 14 views

Design/Logic Flaw

eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...

CVSS 10, AI score 9.4, EPSS 0.0296
Exploits 1, References 3, Affected Software 1