Lucene search
K

290 matches found

OpenVAS
OpenVAS
added 2021/05/20 12:0 a.m.30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2021/05/19 12:25 a.m.54 views

CVE-2021-22904

A flaw was found in RubyGem Actionpack which is framework for handling and responding to web requests in Rails. A possible DoS vulnerability was found in the Token Authentication logic in Action Controller...

7.5CVSS1.7AI score0.04808EPSS
Exploits1References4
Debian
Debian
added 2021/05/11 8:52 p.m.71 views

[SECURITY] [DLA 2655-1] rails security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

7.5CVSS8.1AI score0.04808EPSS
Exploits2
CNNVD
CNNVD
added 2021/05/10 12:0 a.m.6 views

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the personal developer, Yukihiro Matsumoto. A security vulnerability exists in Ruby. The vulnerability is caused due to a "use after sale" error in the token authentication logic in the Operations Controller,...

7.5CVSS7.4AI score0.04808EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2021/05/05 7:49 p.m.83 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...

7.5CVSS7.6AI score0.04808EPSS
Exploits1References11Affected Software1
Snyk
Snyk
added 2021/05/05 7:49 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. There is a possible denial of service vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for request...

7.5CVSS7AI score0.04808EPSS
Exploits1References2
OSV
OSV
added 2021/05/05 7:49 p.m.33 views

GHSA-7WJX-3G7J-8584 Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for reques...

7.5CVSS7.5AI score0.04808EPSS
Exploits1References11
RubySec
RubySec
added 2021/05/05 12:0 a.m.26 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...

7.5CVSS4.4AI score0.04808EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/01 12:0 a.m.11 views

PT-2021-4539 · Ruby On Rails +3 · Action Pack +3

Name of the Vulnerable Software and Affected Versions: actionpack versions 4.0.0 through 6.1.3.1, 6.0.3.6, 5.2.4.5, 5.2.5 actionpack versions 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 are not affected Description: The issue is related to a denial of service vulnerability in the Token Authentication logic ...

9.8CVSS6.5AI score0.98507EPSS
Exploits31References103
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.6 views

Tangro Business Workflow 授权问题漏洞

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from a failure of a proper...

4.3CVSS5.8AI score0.00731EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.6 views

The vulnerability of the Cisco DNA Center’s management center, related to errors in token authentication processing, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco DNA Center’s management center is related to errors in token authentication processing. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.02222EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/14 5:27 p.m.22 views

CVE-2020-15074

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp...

7.8AI score0.01045EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/22 12:0 a.m.7 views

Unspecified Vulnerability in Saml2 Authentication services for ASP.NET

Saml2 Authentication services for ASP.NET is a SAML Security Assertion Markup Language authentication service for ASP.NET. A security vulnerability exists in the method of token authentication in Saml2 Authentication services for ASP.NET versions 1.0.2 and 2.0.0 through 2.6.0. An attacker could...

7.3CVSS6.9AI score0.01086EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/12/16 1:53 p.m.4 views

kubernetes: Bearer tokens written to logs at high verbosity levels (>= 7)

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

6.5CVSS6.6AI score0.01766EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2019/08/29 12:0 a.m.36 views

Credentials Management

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...

6.5CVSS3.3AI score0.01766EPSS
Exploits0References1Affected Software1
Akamai Blog
Akamai Blog
added 2019/03/04 11:0 a.m.50 views

Future Proofing Your Content Security Perimeter with Enhanced Token Authentication

Background: Media Content Security Security in the media & entertainment industry means securing the entire content consumption path. For any OTT or streaming company that wants to serve or distribute its content to end users, has to protect and safeguard their content against an ever-evolving...

Exploits0
CNVD
CNVD
added 2018/03/21 12:0 a.m.7 views

Cloud Controller, cf-deployment and cf-release authentication vulnerabilities

Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from the Cloud Foundry Foundation in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other features. cf-release is a release version of CF...

8.8CVSS6.7AI score0.0099EPSS
Exploits0References1
NVD
NVD
added 2018/03/19 6:29 p.m.25 views

CVE-2018-1195

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be...

8.8CVSS8.8AI score0.0099EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/11/09 12:0 a.m.44 views

Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)

Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...

8.1AI score0.01555EPSS
Exploits2
CVE
CVE
added 2016/02/03 3:0 p.m.65 views

CVE-2015-7546

CVE-2015-7546 affects OpenStack Keystone and related keystonemiddleware: the identity service fails to invalidate authorization tokens when using PKI or PKIZ providers, enabling remote authenticated users to bypass access controls by manipulating bytes in a revoked token. Affected versions includ...

7.5CVSS7.2AI score0.01708EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder