Lucene search
K

6611 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.3 views

SUSE CVE-2009-2855

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...

5CVSS6.8AI score0.36732EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-3897

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the basedir directory, and possibly the basedir directory...

5.5CVSS6.8AI score0.00375EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.5 views

SUSE CVE-2012-3865

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

3.5CVSS6.9AI score0.01882EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.2 views

SUSE CVE-2013-0184

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...

4.3CVSS6.9AI score0.02418EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.2 views

SUSE CVE-2013-1059

net/ceph/authnone.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via an authreply message that triggers an attempted buildrequest operation...

7.8CVSS7.2AI score0.04546EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.3 views

SUSE CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

7.8CVSS6.5AI score0.06988EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.3 views

SUSE CVE-2014-1948

OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...

2.6CVSS6.5AI score0.00314EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:27 a.m.4 views

SUSE CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.8AI score0.01515EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.5 views

SUSE CVE-2014-9293

The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS9AI score0.12978EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.3 views

SUSE CVE-2015-4737

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth...

3.5CVSS6AI score0.03646EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.4 views

SUSE CVE-2016-5299

A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox 50...

7.5CVSS6.3AI score0.01644EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5CVSS6.7AI score0.03997EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-1112

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression...

8.8CVSS8.8AI score0.02384EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9275

In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...

4.4CVSS6.3AI score0.01466EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.5 views

SUSE CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

3.3CVSS4.1AI score0.00349EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:18 a.m.3 views

SUSE CVE-2019-2632

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5CVSS7.8AI score0.03694EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:18 a.m.2 views

SUSE CVE-2019-2737

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

4.9CVSS7.2AI score0.03919EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.3 views

SUSE CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

9.8CVSS8.8AI score0.01392EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

6.5CVSS7AI score0.05086EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.5 views

SUSE CVE-2020-6823

A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirecturi, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox 75...

7.1CVSS8.6AI score0.01612EPSS
Exploits0References4
Rows per page
Query Builder