472 matches found

Prion
added 2021/06/25 7:15 p.m. · 17 views

Authentication flaw

In Weidmueller Industrial WLAN devices in multiple versions an exploitable authentication bypass vulnerability exists in the hostname processing. A specially configured device hostname can cause the device to interpret selected remote traffic as local traffic, resulting in a bypass of web...

CVSS 6.5 · AI score 7 · EPSS 0.01058
Exploits 0 · References 1 · Affected Software 8
CNNVD
added 2021/06/25 12:0 a.m. · 3 views

Weidmueller Industrial WLAN devices authorization issue vulnerability

Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. An authorization issue vulnerability exists in Weidmueller Industrial WLAN devices, which stems from a specially configured device hostname that causes the device to interpret selected remote traffic as local...

CVSS 7.2 · AI score 5.7 · EPSS 0.01058
Exploits 0 · References 1
OpenVAS
added 2021/06/09 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2018:2890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.7 · EPSS 0.03662
Exploits 4 · References 2
OSV
added 2021/06/07 8:15 p.m. · 0 views

DEBIAN-CVE-2021-30528

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 8.2 · EPSS 0.01346
Exploits 1 · References 1
OSV
added 2021/06/07 8:15 p.m. · 2 views

UBUNTU-CVE-2021-30528

Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 7.3 · EPSS 0.01346
Exploits 1 · References 2
CNNVD
added 2021/05/27 12:0 a.m. · 2 views

MesaLabs AmegaView security vulnerability

MesaLabs AmegaView is a continuous monitoring system (CMS) from MesaLabs, USA. A security vulnerability exists in MesaLabs AmegaView 3.0 and prior versions that can be exploited by an attacker to gain access using a default cookie that can be set to bypass authentication to the web application...

CVSS 9.8 · AI score 5.7 · EPSS 0.00983
Exploits 0 · References 4
CNNVD
added 2021/05/25 12:0 a.m. · 3 views

Google Chrome resource management error vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A use-after-free vulnerability in WebAuthentication in Google Chrome versions prior to 91.0.4472.77 can be exploited by a remote attacker to corrupt the rendere...

CVSS 8.8 · AI score 8.4 · EPSS 0.01346
Exploits 1 · References 13
Positive Technologies
added 2021/05/12 12:0 a.m. · 2 views

PT-2021-3507 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: The issue is related to weaknesses in the WebAuthn authentication mechanism. It allows an attacker to register a new security device or key for any user without a previously registered...

CVSS 7.6 · AI score 7.4 · EPSS 0.0091
Exploits 0 · References 14
CVE
added 2021/04/22 7:37 p.m. · 51 views

CVE-2021-0261

CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...

CVSS 7.5 · AI score 7.5 · EPSS 0.01113
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2021/04/21 12:0 a.m. · 5 views

Github authelia input validation error vulnerability

Github authelia is an application from Github USA. An open source authentication and authorization server that provides 2-factor authentication and single sign-on (SSO) to applications through a web portal. Authelia version 4.27.4 and prior versions contain an input validation error vulnerability...

CVSS 5.7 · AI score 5.7 · EPSS 0.0051
Exploits 0 · References 2
Prion
added 2021/04/02 6:15 p.m. · 22 views

Improper access control

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

CVSS 4.3 · AI score 6.5 · EPSS 0.01316
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/04/02 5:25 p.m. · 19 views

CVE-2021-22865 Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this...

AI score 6.7 · EPSS 0.01316
Exploits 0 · References 3
BDU FSTEC
added 2021/03/30 12:0 a.m. · 4 views

The vulnerability of the HTTP digest authentication mechanism of the Squid proxy server, related to information disclosure, allows attackers to gain access to confidential data.

The vulnerability of the HTTP digest authentication mechanism of the Squid proxy server is related to the exposure of information. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...

CVSS 7.5 · AI score 6.7 · EPSS 0.40982
Exploits 0 · References 13 · Affected Software 5
CNVD
added 2021/03/03 12:0 a.m. · 3 views

File Inclusion Vulnerability in EaseUS Web Authentication System

EaseUS Web Authentication System is a user management system structured in PHP+Mysql. A file inclusion vulnerability exists in EaseUS Web Authentication System. An attacker can exploit this vulnerability to gain server privileges...

AI score 7.2
Exploits 0
OSV
added 2021/02/26 2:15 a.m. · 3 views

UBUNTU-CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

CVSS 8.8 · AI score 7.3 · EPSS 0.01013
Exploits 0 · References 6
CNNVD
added 2020/12/29 12:0 a.m. · 8 views

Authorization issue vulnerability in multiple Netgear products

The NETGEAR DGN2200v1 is an N300 wireless ADSL2+ modem router. An HTTPd authentication vulnerability exists in versions prior to NETGEAR DGN2200v1 v1.0.0.60. No detailed vulnerability details are provided at this time...

CVSS 8.8 · AI score 5.8 · EPSS 0.00659
Exploits 0 · References 2
RedHat Linux
added 2020/06/15 12:55 p.m. · 1 views

chromium-browser: Use after free in WebAuthentication

Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 · AI score 7.4 · EPSS 0.01682
Exploits 0 · References 5
The Hacker News
added 2020/06/15 11:15 a.m. · 3 views

WebAuthn Passwordless Authentication Now Available for Atlassian Products

Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team...

AI score 5.8
Exploits 0
ArchLinux
added 2020/06/06 12:0 a.m. · 41 views

[ASA-202006-3] chromium: multiple issues

Arch Linux Security Advisory ASA-202006-3 ========================================= Severity: High Date : 2020-06-06 CVE-ID : CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 Package : chromium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1178 Summary =====...

CVSS 9.6 · AI score 0.9 · EPSS 0.01682
Exploits 0 · References 10
CNVD
added 2020/06/04 12:0 a.m. · 0 views

Google Chrome WebAuthentication Resource Management Error Vulnerability

Google Chrome is a web browser from Google, Inc. WebAuthentication is one of the web authentication components. A resource management error vulnerability exists in WebAuthentication in Google Chrome versions prior to 83.0.4103.97. A remote attacker can exploit this vulnerability to cause a...

CVSS 9.6 · AI score 9.1 · EPSS 0.01682
Exploits 0 · References 1