
472 matches found

BDU FSTEC
added 2022/02/16 12:00 a.m. | 4 views

Vulnerability in the web authentication function of the SolarWinds Serv-U File Server that allows an attacker to escalate their privileges

The vulnerability of the web authentication function of the SolarWinds Serv-U File Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVSS 5 | AI score 7.2 | EPSS 0.03359
Exploits 0 | References 4 | Affected software 1
RedHat Linux
added 2022/02/07 1:55 p.m. | 58 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update on RHEL 7

New Red Hat Single Sign-On 7.5.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7.5 | EPSS 0.81147
Exploits 10 | References 8
Tenable Nessus
added 2022/02/07 12:00 a.m. | 15 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10044)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5 | AI score 7.2 | EPSS 0.00826
Exploits 0 | References 3
CVE
added 2022/01/25 7:45 p.m. | 63 views

CVE-2021-41598

GitHub Enterprise Server vulnerability CVE-2021-41598 is a UI misrepresentation flaw in the GitHub App authorization flow. It can cause more permissions to be granted than the user sees during approval, specifically if the user later updates the repositories an app is installed on after additiona...

CVSS 8.8 | AI score 8.8 | EPSS 0.01152
Exploits 0 | References 3 | Affected software 1
OSV
added 2021/12/23 1:15 a.m. | 1 view

DEBIAN-CVE-2021-38022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 7.2 | EPSS 0.00856
Exploits 0 | References 1
OSV
added 2021/12/23 1:15 a.m. | 2 views

UBUNTU-CVE-2021-38022

Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 7 | EPSS 0.00856
Exploits 0 | References 4
CNNVD
added 2021/11/15 12:00 a.m. | 7 views

Lantronix PremierWave 2050 OS command injection vulnerability

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an OS command injection vulnerability caused by a problem with system authentication for HTTP requests. An attacker could exploit the...

CVSS 9.1 | AI score 6 | EPSS 0.03886
Exploits 1 | References 3
RedHat Linux
added 2021/09/14 12:35 p.m. | 10 views

keycloak: Anyone can register a new device when there is no device registered for passwordless login

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow...

CVSS 7.5 | AI score 5.8 | EPSS 0.0091
Exploits 0 | References 4
CNNVD
added 2021/09/07 12:00 a.m. | 4 views

Nextcloud log information disclosure vulnerability

An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass the dual authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...

CVSS 5.5 | AI score 5.7 | EPSS 0.00239
Exploits 0 | References 7
Kitploit
added 2021/08/15 9:30 p.m. | 75 views

Raider - Web Authentication Testing Framework

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication...

AI score 7.7
Exploits 0 | References 1
OSV
added 2021/08/11 5:15 p.m. | 3 views

CVE-2021-3047

A cryptographically weak pseudo-random number generator PRNG is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to...

CVSS 3.1 | AI score 5.8 | EPSS 0.00452
Exploits 0 | References 1
BDU FSTEC
added 2021/07/13 12:00 a.m. | 5 views

Vulnerability in the authentication mechanism of the Keycloak identity and access management software that allows an attacker to gain unauthorized access to protected information

The vulnerability of the Keycloak identity and access management software is related to shortcomings in the WebAuthn authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 7.6 | AI score 7.2 | EPSS 0.0091
Exploits 0 | References 3 | Affected software 2
Node.js
added 2021/07/02 7:21 p.m. | 82 views

Improper Authentication

Overview The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server ha...

CVSS 4 | AI score 2 | EPSS 0.00514
Exploits 0 | Affected software 1
OSV
added 2021/07/02 7:20 p.m. | 16 views

GHSA-6CGH-HJPW-Q3GQ Utils.readChallengeTx does not verify the server account signature

The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...

CVSS 6.5 | AI score 6.3 | EPSS 0.00514
Exploits 0 | References 4
Github Security Blog
added 2021/07/02 7:20 p.m. | 82 views

Utils.readChallengeTx does not verify the server account signature

The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the serverAccountID has signed the transaction. The function does not verify that the server has signed...

CVSS 6.5 | AI score 2.2 | EPSS 0.00514
Exploits 0 | References 5 | Affected software 1
NVD
added 2021/07/02 7:15 p.m. | 22 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

CVSS 6.5 | EPSS 0.00514
Exploits 0 | References 2
OSV
added 2021/07/02 7:15 p.m. | 17 views

CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

CVSS 6.5 | AI score 6.5
Exploits 0 | References 2
Prion
added 2021/07/02 7:15 p.m. | 11 views

Design/Logic Flaw

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The Utils.readChallengeTx function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the...

CVSS 4 | AI score 6.5 | EPSS 0.00514
Exploits 0 | References 2 | Affected software 1
CVE
added 2021/07/02 6:15 p.m. | 106 views

CVE-2021-32738

CVE-2021-32738 affects the js-stellar-sdk library used to interact with Stellar Horizon. The vulnerability lies in Utils.readChallengeTx, which, before version 8.2.3, did not verify that the server signature was present on the challenge transaction; however, signature verification via Utils.verif...

CVSS 6.5 | AI score 6.4 | EPSS 0.00514
Exploits 0 | References 2 | Affected software 1
CNVD
added 2021/06/29 12:00 a.m. | 11 views

Weidmueller Industrial WLAN devices authorization issue vulnerability

Weidmueller Industrial WLAN devices are industrial WLAN products from Weidmueller, Germany. An authorization issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from a specially configured device hostname that causes the device to interpret selected remote traffic as local...

CVSS 7.2 | AI score 6.8 | EPSS 0.01058
Exploits 0 | References 1