Lucene search
K

35 matches found

susecve
susecve
added 2023/10/31 2:40 a.m.5 views

SUSE CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5CVSS7AI score0.01655EPSS
Exploits0References2
prion
prion
added 2023/08/16 3:15 p.m.25 views

Authentication flaw

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

2.6CVSS5.8AI score0.00494EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2023/06/15 9:15 p.m.3 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

6.1CVSS5.9AI score0.00971EPSS
Exploits0References3
cvelist
cvelist
added 2023/03/27 2:50 p.m.45 views

CVE-2023-1136 CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

9.8CVSS9.7AI score0.00736EPSS
Exploits0References1
osv
osv
added 2022/12/08 6:15 p.m.8 views

CVE-2022-46829

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...

8.8CVSS5.8AI score0.00428EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/11/08 12:0 a.m.4 views

PT-2022-5626 · Vmware · Vmware Workspace One Assist

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Assist versions prior to 22.10 Description: The issue is related to a session fixation problem, where a malicious actor who obtains a valid session token may be able to authenticate to the application using that token. Th...

10CVSS9.4AI score0.00824EPSS
Exploits0References4
prion
prion
added 2021/03/18 3:15 p.m.17 views

Improper access control

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

4.3CVSS7.4AI score0.01789EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/03/18 2:2 p.m.32 views

CVE-2021-27306

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...

7.6AI score0.01789EPSS
Exploits0References2
redhat
redhat
added 2018/06/19 5:8 a.m.6 views

pcs: Debug parameter removal bypass, allowing information disclosure

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...

7.5CVSS5.8AI score0.01655EPSS
Exploits0References4
prion
prion
added 2018/04/12 4:29 p.m.27 views

Privilege escalation

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

5CVSS7.3AI score0.01655EPSS
Exploits0References4Affected Software3
osv
osv
added 2018/04/12 4:29 p.m.4 views

UBUNTU-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5CVSS7.2AI score0.01655EPSS
Exploits0References4
debiancve
debiancve
added 2018/04/12 4:0 p.m.37 views

CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

7.5CVSS6AI score0.01655EPSS
Exploits0
redhat
redhat
added 2018/04/10 8:23 p.m.8 views

pcs: Debug parameter removal bypass, allowing information disclosure

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...

7.5CVSS5.8AI score0.01655EPSS
Exploits0References4
freebsd
freebsd
added 2018/02/21 12:0 a.m.40 views

phpMyAdmin -- self XSS in central columns feature

The phpMyAdmin team reports: Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigation factor A valid token must be...

5.4CVSS5.5AI score0.01618EPSS
Exploits1References1
phpmyadmin
phpmyadmin
added 2018/02/20 12:0 a.m.32 views

Self XSS in central columns feature

PMASA-2018-1 Announcement-ID: PMASA-2018-1 Date: 2018-02-20 Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigati...

5.4CVSS6.2AI score0.01618EPSS
Exploits1Affected Software1
Rows per page
Query Builder