Lucene search
K

289 matches found

Positive Technologies
Positive Technologies
added 2022/01/21 12:0 a.m.4 views

PT-2022-11828 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite

Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 Description: The issue allows user input to be validated on the client side without proper authentication by the server. This is problematic because the server should...

9.8CVSS9.4AI score0.00978EPSS
Exploits0References3
Veracode
Veracode
added 2022/01/07 7:30 a.m.19 views

Cross-Site Request Forgery (CSRF)

Apache Kylin is vulnerable to cross-site request forgery. The vulnerability exists due to a lack of sanitization of the authenticity of web requests allowing an attacker to submit requests which bypass the server authentication...

7.5CVSS3.9AI score0.02338EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/01/04 4:15 a.m.13 views

CVE-2021-20869

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-3...

6.5CVSS0.00532EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/01/04 3:5 a.m.17 views

CVE-2021-20868

Incorrect authorization vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub...

5.1AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2021/08/10 3:15 p.m.2 views

UBUNTU-CVE-2021-38373

In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...

5.3CVSS5.8AI score0.00527EPSS
Exploits0References5
NVD
NVD
added 2021/05/13 4:15 p.m.20 views

CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...

7.5CVSS0.01398EPSS
Exploits0References8
OSV
OSV
added 2021/05/13 4:15 p.m.10 views

CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...

7.5CVSS7.4AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2021/04/16 12:0 a.m.12 views

PT-2021-18225 · Npm · A12Nserver

Name of the Vulnerable Software and Affected Versions: a12n-server versions 0.18.0 through 0.18.1 Description: The issue concerns a12n-server, an npm package for simple authentication. A feature to edit users via a new HAL-Form was introduced in version 0.18.0 but was incorrectly made accessible ...

8.1CVSS6.9AI score0.00781EPSS
Exploits0References6
CNVD
CNVD
added 2021/04/13 12:0 a.m.5 views

Apache Solr Information Disclosure Vulnerability

Apache Solr is a standalone enterprise-class search application server. Apache Solr information disclosure vulnerability can be exploited by an attacker to gain unauthorized access to server authentication and authorization profiles...

7.5CVSS6.6AI score0.07805EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/06 5:32 p.m.73 views

Client TLS credentials sent raw to server in npm package nats

Nats is a Node.js client for the NATS messaging system. Problem Description Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The...

7.5CVSS1.3AI score0.01476EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/04/02 3:15 p.m.4 views

CVE-2021-28124

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle MITM support channel UI session to Cohesity DataPlatform...

5.9CVSS6.2AI score0.01015EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/02 2:50 p.m.16 views

CVE-2021-28124

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to Man-in-the-middle MITM support channel UI session to Cohesity DataPlatform...

6AI score0.01015EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 3:15 p.m.3 views

CVE-2021-3252

KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will always be returned in plain-text from the local server during the KACO XP100U authentication process, regardless of whatever passwords have been provided, which leads to an information disclosure...

7.5CVSS7AI score0.02588EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/12/15 12:0 a.m.4 views

PT-2020-6288 · NetGear · Netgear Dgn2200V1

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200v1 devices version 1.0.0.59 and earlier Description: The issue is related to the mishandling of HTTPd authentication in the NETGEAR DGN2200v1 devices, which can be exploited by a remote attacker to execute arbitrary code. This ...

8.8CVSS8.9AI score0.00659EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2020/11/04 7:15 p.m.21 views

CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...

6.3CVSS6.8AI score0.00415EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2020/11/04 12:0 a.m.11 views

CVE-2020-28049

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents an...

6.8AI score0.00415EPSS
Exploits1References8
OSV
OSV
added 2020/04/22 5:37 p.m.8 views

SUSE-SU-2020:1072-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - CVE-2018-16877: Fixed an issue with insufficient local IPC client-server authentication on the client's side bsc1131356. - CVE-2018-16878: Fixed a denial of service related to insufficient verification of uncontrolled processes bsc1131353...

8.8CVSS6.1AI score0.00438EPSS
Exploits0References5
Microsoft KB
Microsoft KB
added 2020/04/13 4:7 a.m.30 views

MS12-051: Vulnerability in Microsoft Office for Mac could allow elevation of privilege: July 10, 2012

Describes the Microsoft Office for Mac 2011 14.2.3 Update that was released on July 10, 2012INTRODUCTIONMicrosoft has released security bulletin MS12-051. This security bulletin contains all the relevant information about the security update for Microsoft Office for Mac 2011. To view the complete...

6.9CVSS6.1AI score0.01645EPSS
Exploits1
Prion
Prion
added 2020/02/23 2:15 a.m.20 views

Directory traversal

An issue was discovered in SmartClient 12.0. The Remote Procedure Call RPC loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML...

5CVSS7.8AI score0.01508EPSS
Exploits1References2Affected Software1
Schneier on Security
Schneier on Security
added 2020/02/18 12:9 p.m.75 views

Hacking McDonald's for Free Food

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a...

7.1AI score
Exploits0
Rows per page
Query Builder