Lucene search
K

112 matches found

BDU FSTEC
BDU FSTEC
added 2024/02/05 12:0 a.m.9 views

The vulnerability of the LDAP protocol implementation in Mastodon’s web application for deploying distributed social networks allows a hacker to bypass the authentication process.

The vulnerability of the LDAP protocol implementation in Mastodon’s web application for deploying distributed social networks is related to the lack of a mechanism for verifying the source of data. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

9.7CVSS8AI score0.01934EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/31 12:0 a.m.6 views

The vulnerability of the Payments component in Microsoft Edge and Google Chrome browsers allows attackers to bypass security restrictions.

The vulnerability of the Payments component in Microsoft Edge and Google Chrome is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to bypass security restrictions remotely...

7.8CVSS6.5AI score0.00331EPSS
Exploits0References13Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/10/23 12:0 a.m.5 views

The vulnerability of Juniper Networks JunOS Evolved router models from the PTX10001, PTX10004, PTX10008, and PTX10016 series lies in the data source verification mechanism’s deficiencies. This allows attackers to trigger a system reboot.

The vulnerability of Juniper Networks JunOS Evolved router models series PTX10001, PTX10004, PTX10008, and PTX10016 lies in defects in the mechanism for verifying data sources during MAC address processing. Exploiting this vulnerability allows a malicious actor to trigger a system reboot...

6.1CVSS5.9AI score0.00167EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.6 views

The vulnerability of Juniper Networks JunOS Evolved router series PTX10003 operating systems, related to deficiencies in the data source verification mechanism, allows attackers to circumvent security restrictions and cause service failures.

The vulnerability of Juniper Networks JunOS Evolved router series, PTX10003, is related to deficiencies in the mechanism for verifying data sources during MAC address processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and cause service failures...

6.1CVSS5.9AI score0.0018EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/06 12:0 a.m.7 views

The vulnerability of the Apache Maven framework, which allows a malicious actor to gain unauthorized access to protected information remotely.

The vulnerability of the Apache Maven framework is related to deficiencies in the mechanism for verifying data sources. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

9.4CVSS6.8AI score0.08691EPSS
Exploits2References7Affected Software7
BDU FSTEC
BDU FSTEC
added 2023/08/21 12:0 a.m.5 views

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to a deficiency in the mechanism for verifying the source of data. This allows an attacker to compromise the integrity of the data.

The vulnerabilities of web browsers Firefox, Firefox ESR, and the email client Thunderbird are related to a lack of mechanisms for verifying the source of data. Exploiting these vulnerabilities can allow an attacker to compromise the integrity of data...

7.8CVSS6.7AI score0.00347EPSS
Exploits0References12Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software allow attackers to disclose protected information.

The vulnerabilities of the FactoryTalk Policy Manager and FactoryTalk System Services software are related to deficiencies in the data source verification mechanism. Exploitation of these vulnerabilities can allow attackers to disclose protected information...

4.1CVSS5.5AI score0.00384EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.6 views

PT-2022-28135 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to improper verification of the source of a communication channel in the GitHub repository usememos/memos. Recommendations: For versions prior to 0.9.1, update to versio...

8.6CVSS8.7AI score0.00528EPSS
Exploits1References12
Prion
Prion
added 2022/12/28 2:15 p.m.10 views

Input validation

Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1...

4.3CVSS6.5AI score0.00586EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.5 views

PT-2022-28101 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns an improper verification of the source of a communication channel. This affects the usememos/memos GitHub repository. There is no information provided about the estimated...

8.6CVSS8.7AI score0.00586EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2022/10/10 12:0 a.m.6 views

The vulnerability of the WebDriver driver for the Mozilla Firefox browser allows a hacker to disclose protected information and execute arbitrary code.

The vulnerability of the WebDriver driver for the Mozilla Firefox browser is related to a lack of mechanisms for verifying the data source. Exploiting this vulnerability allows a malicious actor, operating remotely, to circumvent established security restrictions, disclose sensitive information,...

4.8CVSS7AI score0.00233EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.7 views

The vulnerability of the Mozilla Firefox browser, related to a lack of mechanism for verifying the source, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Mozilla Firefox browser is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

5CVSS5.4AI score0.00329EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.9 views

The vulnerability of the Mozilla Firefox browser, related to a lack of mechanism for verifying data sources, allows attackers to perform spear-phishing attacks.

The vulnerability of the Mozilla Firefox browser is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows an attacker to perform spear-phishing attacks remotely...

7.8CVSS6.8AI score0.00477EPSS
Exploits0References11Affected Software4
CVE
CVE
added 2022/09/06 3:10 p.m.81 views

CVE-2022-27491

Fortinet FortiOS IPS engine flaws allow a remote, unauthenticated attacker to trigger sending of a crafted HTML “blocked page” to a victim via TCP, potentially flooding the target. Affected FortiOS IPS engine versions span 7.201–7.214, 7.001–7.113, 6.001–6.121, 5.001–5.258 and pre-4.086. The issu...

7.5CVSS7.4AI score0.01265EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.7 views

The vulnerability of the authentication mechanism for voting sessions in the software of the ImageCast X device for marking ballots allows a perpetrator to obtain an arbitrary number of ballots without authorization.

The vulnerability of the authentication mechanism for voting sessions in the ImageCast X device’s voting software is related to a lack of a mechanism for verifying the source of data. Exploiting this vulnerability could allow an intruder to obtain any number of ballots without being authorized...

4.6CVSS5.5AI score0.00161EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/22 12:0 a.m.8 views

The vulnerability of the Yandex Browser lies in its data source verification mechanism’s flaws, which allows attackers to manipulate the content of the address bar.

The vulnerability of the Yandex Browser is related to deficiencies in the mechanism for verifying the source of data. Exploiting this vulnerability allows a remote attacker to manipulate the content of the address bar...

7.5CVSS7.2AI score0.00531EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 1:18 a.m.31 views

Improper Verification of Source of a Communication Channel in Apache Tomcat

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass...

6.5CVSS7.1AI score0.11297EPSS
Exploits0References40Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.7 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to insufficient verification of the HTTP request source, allows a hacker to execute a CSRF attack.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to insufficient security checks on the HTTP request source. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...

8CVSS7.7AI score0.00344EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/20 12:0 a.m.7 views

The vulnerability in the web interface for controlling microprogrammed software in Cisco IP Phones 6800, Cisco IP Phone 7800, and Cisco IP Phone 8800 allows a attacker to perform a CSRF attack.

The vulnerability of the web interface for controlling microprogrammed software in Cisco IP Phones 6800, 7800, and 8800 is related to insufficient verification of the HTTP request source. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web...

7.1CVSS7.5AI score0.00383EPSS
Exploits0References4Affected Software3
Vulnrichment
Vulnrichment
added 2022/04/04 7:45 p.m.5 views

CVE-2021-32985 AVEVA System Platform Origin Validation Error

AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid...

7.2CVSS7AI score0.00481EPSS
Exploits0References2
Rows per page
Query Builder