6611 matches found

SUSE CVE
added 2023/02/15 4:1 a.m., 4 views

SUSE CVE-2020-8553

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

CVSS 5.9 | AI score 5.8 | EPSS 0.00894
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:58 a.m., 3 views

SUSE CVE-2020-12674

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled...

CVSS 7.5 | AI score 7 | EPSS 0.06187
Exploits: 1 | References: 11

SUSE CVE
added 2023/02/15 3:53 a.m., 2 views

SUSE CVE-2020-26560

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey...

CVSS 8.1 | AI score 9.3 | EPSS 0.00855
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:52 a.m., 2 views

SUSE CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

CVSS 8.8 | AI score 8.2 | EPSS 0.0406
Exploits: 1 | References: 6

SUSE CVE
added 2023/02/15 3:47 a.m., 5 views

SUSE CVE-2021-20288

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated...

CVSS 8 | AI score 7 | EPSS 0.0211
Exploits: 0 | References: 21

SUSE CVE
added 2023/02/15 3:44 a.m., 5 views

SUSE CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

CVSS 6.1 | AI score 6.4 | EPSS 0.07124
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:41 a.m., 2 views

SUSE CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

CVSS 7.3 | AI score 6.7 | EPSS 0.00333
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:27 a.m., 3 views

SUSE CVE-2022-24758

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...

CVSS 7.5 | AI score 6.3 | EPSS 0.01054
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:26 a.m., 4 views

SUSE CVE-2022-27776

An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...

CVSS 4.3 | AI score 7.6 | EPSS 0.03425
Exploits: 1 | References: 60

SUSE CVE
added 2023/02/15 3:24 a.m., 2 views

SUSE CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

CVSS 6.6 | AI score 9.7 | EPSS 0.01267
Exploits: 0 | References: 14

SUSE CVE
added 2023/02/15 3:22 a.m., 5 views

SUSE CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 | AI score 9.3 | EPSS 0.01166
Exploits: 1 | References: 35

SUSE CVE
added 2023/02/15 3:22 a.m., 3 views

SUSE CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

CVSS 5.9 | AI score 6.6 | EPSS 0.01277
Exploits: 0 | References: 16

CNNVD
added 2023/02/13 12:0 a.m., 2 views

playSMS Security Vulnerability

playSMS is an open source SMS (Short Message Service) management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS v1.4.5 and earlier versions, which stems from a type confusion vulnerability in component /auth/fn.php that can be exploited by ...

CVSS 9.8 | AI score 8.3 | EPSS 0.00827
Exploits: 0 | References: 3

OSV
added 2023/02/10 10:3 p.m., 23 views

CVE-2023-25560 JSON Injection in DataHub

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

CVSS 8.2 | AI score 9.2 | EPSS 0.00631
Exploits: 0 | References: 3

wpexploit
added 2023/02/09 12:0 a.m., 200 views

WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. As a contributo...

CVSS 4.3 | AI score 5.8 | EPSS 0.00801
Exploits: 2

OSV
added 2023/02/06 8:15 p.m., 4 views

CVE-2023-0669

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2...

CVSS 7.2 | AI score 5.9 | EPSS 0.99999
Exploits: 12 | References: 9

GithubExploit
added 2023/02/03 6:32 a.m., 795 views

Exploit for Deserialization of Untrusted Data in IBM Aspera Faspex

CVE-2022-47986 Aspera Faspex Pr...

CVSS 9.8 | AI score 8.5 | EPSS 0.99968
Exploits: 5

CVE
added 2023/02/02 2:12 p.m., 417 views

CVE-2022-1970

CVE-2022-1970 entry is rejected/not used and does not represent an active vulnerability.

AI score 6.2
Exploits: 0

OSV
added 2023/01/30 4:27 p.m., 5 views

SUSE-SU-2023:0215-1 Security update for apache2-mod_auth_openidc

This update for apache2-mod_auth_openidc fixes the following issues:

- CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441).
- CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223)...

CVSS 6.1 | AI score 6.3 | EPSS 0.0175
Exploits: 1 | References: 6

NVD
added 2023/01/26 9:18 p.m., 20 views

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 6.8 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 1