Lucene search
+L

47 matches found

Prion
Prion
added 2018/01/31 2:29 p.m.19 views

Design/Logic Flaw

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

4.9CVSS6.5AI score0.00566EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/01/31 2:29 p.m.22 views

CVE-2017-16858

The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

6.8CVSS6.5AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2018/01/31 2:0 p.m.60 views

CVE-2017-16858

The CVE-2017-16858 issue affects Atlassian Crowd’s crowd-application plugin (used by Google Apps) where versions 1.5.0–3.1.1 allow impersonation of a Crowd user in REST requests by authenticating to a directory bound to an application. In the described scenario, if Crowd is bound to directory 1 w...

6.8CVSS6.5AI score0.00566EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/02/20 3:59 p.m.21 views

Design/Logic Flaw

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...

2.1CVSS6.5AI score0.00334EPSS
Exploits0References2Affected Software11
NVD
NVD
added 2017/02/20 3:59 p.m.22 views

CVE-2016-6249

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...

5.3CVSS5.2AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/20 3:0 p.m.20 views

CVE-2016-6249

F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files...

5.5AI score0.00334EPSS
Exploits0References2
CVE
CVE
added 2017/02/20 3:0 p.m.59 views

CVE-2016-6249

Summary of CVE-2016-6249 (F5 BIG-IP REST vulnerability) Affected products/versions: F5 BIG-IP 12.0.0 and 11.5.0 – 11.6.1 (REST framework). The vendor advisory lists vulnerable and non‑vulnerable versions (e.g., 12.1.0–12.1.2 as not vulnerable) and enumerates affected modules under the REST framew...

5.3CVSS5.4AI score0.00334EPSS
Exploits0References2Affected Software11
NVD
NVD
added 2016/02/07 11:59 a.m.20 views

CVE-2016-1302

Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...

9CVSS8.5AI score0.0216EPSS
Exploits0References2
OSV
OSV
added 2016/02/07 11:59 a.m.5 views

CVE-2016-1302

Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...

8.8CVSS5.8AI score0.0216EPSS
Exploits0References2
Prion
Prion
added 2016/02/07 11:59 a.m.15 views

Code injection

Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...

9CVSS6.9AI score0.0216EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2016/02/07 11:0 a.m.28 views

CVE-2016-1302

Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...

8.5AI score0.0216EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/08/26 12:0 a.m.103 views

[USN-2311-1] pyCADF vulnerability

========================================================================== Ubuntu Security Notice USN-2311-1 August 11, 2014 python-pycadf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

5CVSS0.5AI score0.02774EPSS
Exploits0
securityvulns
securityvulns
added 2014/08/24 12:0 a.m.85 views

[USN-2311-2] OpenStack Ceilometer vulnerability

========================================================================== Ubuntu Security Notice USN-2311-2 August 21, 2014 ceilometer vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

5CVSS0.1AI score0.02774EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/22 12:0 a.m.33 views

Ubuntu 14.04 LTS : OpenStack Ceilometer vulnerability (USN-2311-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2311-2 advisory. USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Tenable has extracted the preceding descripti...

5CVSS5.5AI score0.02774EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-2311-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02774EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-2321-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02774EPSS
Exploits0References2
OSV
OSV
added 2014/08/21 8:18 p.m.3 views

USN-2321-1 neutron vulnerabilities

Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. CVE-2014-3555 Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain...

5CVSS5.8AI score0.02774EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2014/08/21 7:57 p.m.72 views

USN-2311-2: OpenStack Ceilometer vulnerability

USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in...

5CVSS5.4AI score0.02774EPSS
Exploits0
OSV
OSV
added 2014/08/21 7:57 p.m.5 views

USN-2311-2 ceilometer vulnerability

USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Original advisory details: Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in...

5CVSS5.8AI score0.02774EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/12 12:0 a.m.35 views

Ubuntu 14.04 LTS : pyCADF vulnerability (USN-2311-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2311-1 advisory. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST...

5CVSS5.6AI score0.02774EPSS
Exploits0References2
Rows per page
Query Builder