
472 matches found

SUSE CVE
added 2023/10/27 12:56 a.m., 3 views

SUSE CVE-2023-5729

A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox 119...

CVSS 4.3 | AI score 8.4 | EPSS 0.00586
Exploits 0 | References 7

CNNVD
added 2023/10/16 12:0 a.m., 3 views

Webauthn-Framework Authorization Issues Vulnerability

Webauthn-Framework is an authentication mechanism. It is used by Web applications to create and use strong, proven, scoped, public-key based credentials for strong authentication of users. An authorization issue vulnerability exists in Webauthn-Framework that stems from improper handling of...

CVSS 5.3 | AI score 7 | EPSS 0.0052
Exploits 0 | References 4

CNNVD
added 2023/09/01 12:0 a.m., 4 views

PTC Kepware KEPServerEX Security Vulnerability

PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. A security vulnerability exists in PTC Kepware KEPServerEX 6.14.263.0 and prior versions, which stems from the Web server's use of basic authentication to protect user credentials, and can be...

CVSS 5.7 | AI score 7.1 | EPSS 0.00306
Exploits 0 | References 5

Cvelist
added 2023/08/31 12:54 a.m., 14 views

CVE-2023-31424 Web authentication and authorization bypass

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...

CVSS 8.1 | AI score 9.9 | EPSS 0.00678
Exploits 0 | References 2

Vulnrichment
added 2023/08/31 12:54 a.m., 10 views

CVE-2023-31424 Web authentication and authorization bypass

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...

CVSS 8.1 | AI score 9.2 | EPSS 0.00678
Exploits 0 | References 2

Broadcom
added 2023/08/29 12:0 a.m., 28 views

CVE-2023-31424 - Web authentication and authorization bypass

Brocade SANnav web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization...

CVSS 8.1 | AI score 7.7 | EPSS 0.00678
Exploits 0 | Affected Software 1

CNNVD
added 2023/08/10 12:0 a.m., 6 views

SAMSUNG Members Security Breach

SAMSUNG Members is a community platform app from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Members version 14.0.07.1, which stems from the presence of an incorrect URL authentication vulnerability that could allow an attacker to access sensitive...

CVSS 4.3 | AI score 6.7 | EPSS 0.00303
Exploits 0 | References 2

CNVD
added 2023/05/18 12:0 a.m., 11 views

Rocket.Chat Authorization Issues Vulnerability (CNVD-2023-40581)

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an authorization issue vulnerability that stems from the fact that editing a message can change the original timestamp, causing the UI to display the messages in the wrong order. An attacker could use this vulnerability to...

CVSS 5.3 | AI score 7.1 | EPSS 0.00231
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 5:28 a.m., 4 views

SUSE CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3 | AI score 5.8 | EPSS 0.02083
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:6 a.m., 2 views

SUSE CVE-2016-2313

authlogin.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database...

CVSS 8.8 | AI score 8.9 | EPSS 0.02686
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 4:53 a.m., 4 views

SUSE CVE-2016-10700

authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS 8.8 | AI score 9 | EPSS 0.02488
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:22 a.m., 3 views

SUSE CVE-2018-18820

A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...

CVSS 8.1 | AI score 8.4 | EPSS 0.48944
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 3:45 a.m., 2 views

SUSE CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

CVSS 8.8 | AI score 8.5 | EPSS 0.01013
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 3:40 a.m., 3 views

SUSE CVE-2021-32800

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...

CVSS 8.1 | AI score 7.9 | EPSS 0.01798
Exploits 0 | References 8

OSV
added 2022/12/22 8:15 p.m., 1 view

DEBIAN-CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVSS 8.8 | AI score 8.2 | EPSS 0.02556
Exploits 1 | References 1

Positive Technologies
added 2022/11/18 12:0 a.m., 4 views

PT-2022-27401 · Unknown · Rest Api Authentication Plugin

Name of the Vulnerable Software and Affected Versions: REST API Authentication plugin versions prior to 2.4.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

CVSS 8.8 | AI score 8.6 | EPSS 0.00264
Exploits 0 | References 3

CNNVD
added 2022/11/03 12:0 a.m., 5 views

IBM Robotic Process Automation Authorization Issue Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM), Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1, 21.0.2, 21.0.3, 21.0.4, a...

CVSS 7.5 | AI score 7 | EPSS 0.0046
Exploits 0 | References 2

CNNVD
added 2022/11/02 12:0 a.m., 4 views

Splunk Security Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines, and cloud). Splunk...

CVSS 8.8 | AI score 7.9 | EPSS 0.00595
Exploits 0 | References 4

Microsoft KB
added 2022/09/20 12:0 a.m., 6 views

September 20, 2022—KB5017381 (OS Build 20348.1070) Preview

September 20, 2022—KB5017381 (OS Build 20348.1070) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to fi...

AI score 6.8
Exploits 0

ATTACKERKB
added 2022/07/26 10:15 p.m., 4 views

CVE-2022-1499

Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

CVSS 6.3 | AI score 6.8 | EPSS 0.00648
Exploits 1 | References 4