Lucene search
K

41 matches found

OSV
OSV
added 2020/05/13 1:15 p.m.7 views

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

9.8CVSS7.6AI score0.03456EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/05/13 12:39 p.m.23 views

CVE-2020-10654

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint...

10AI score0.03456EPSS
Exploits0References4
NVD
NVD
added 2019/12/05 4:15 p.m.25 views

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

2.6CVSS3.6AI score0.00618EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/12/05 4:5 p.m.24 views

CVE-2018-1002102

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...

2.6CVSS4.2AI score0.00618EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/03 12:0 a.m.27 views

IBM BigFix Platform 9.2.x <= 9.2.16 / 9.5.x <= 9.5.11 Information Disclosure

According to its self-reported version, the IBM BigFix Platform application running on the remote host is 9.2.x prior to 9.2.15, or 9.5.x prior to 9.5.10. It is, therefore, affected by an information disclosure vulnerability in internet-facing relays if they are configured as non-authenticating. ...

5.3CVSS5.7AI score0.22547EPSS
Exploits2References2
Veracode
Veracode
added 2018/08/30 2:46 a.m.9 views

Information Disclosure

Npgsql is vulnerable to information disclosure. The database password is written to stdout upon authenticating to the database...

6.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/21 12:0 a.m.32 views

Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation

!/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-json" req = json.dumps"jsonrpc":"2.0","method":"call",...

7.4AI score
Exploits0
Debian CVE
Debian CVE
added 2017/04/14 6:0 p.m.38 views

CVE-2016-3104

Removed by vendor...

7.5CVSS7.6AI score0.02489EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/10/15 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2015-0316)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.6CVSS7.5AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2015/08/21 6:54 p.m.6 views

MGASA-2015-0316 Updated x11-server packages fix security vulnerability

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket CVE-2015-3164...

3.6CVSS5.9AI score0.00393EPSS
Exploits0References4
OSV
OSV
added 2015/07/01 2:59 p.m.1 views

DEBIAN-CVE-2015-3164

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket...

3.6CVSS7.2AI score0.00393EPSS
Exploits0References1
Prion
Prion
added 2015/07/01 2:59 p.m.17 views

Authentication flaw

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket...

3.6CVSS6.6AI score0.00393EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2015/06/09 12:0 a.m.34 views

Debian DSA-3282-1 : strongswan - security update

Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When an IKEv2 client authenticates the server with certificates and the client authenticates itself to the server using pre-shared key or EAP, the constraints on the server...

2.6CVSS7.8AI score0.02028EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.27 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)

update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...

4.3CVSS5.4AI score0.02217EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.34 views

Mandriva Linux Security Advisory : sudo (MDVSA-2013:054)

Multiple vulnerabilities has been found and corrected in sudo : A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated...

7.2CVSS8AI score0.03176EPSS
Exploits8References6
UbuntuCve
UbuntuCve
added 2013/02/27 12:0 a.m.33 views

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

6.9CVSS7.2AI score0.03176EPSS
Exploits8References3
OSV
OSV
added 2011/07/07 9:55 p.m.11 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

5.9AI score
Exploits0References14
UbuntuCve
UbuntuCve
added 2011/07/07 9:55 p.m.37 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

4.3CVSS6.9AI score0.06685EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/07/07 9:0 p.m.29 views

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

8.7AI score0.06685EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2008/03/13 12:0 a.m.33 views

GLSA-200803-15 : phpMyAdmin: SQL injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200803-15 phpMyAdmin: SQL injection vulnerability Richard Cunningham reported that phpMyAdmin uses the $REQUEST variable of $GET and $POST as a source for its parameters. Impact : An attacker could entice a user to visit a malicio...

5.1CVSS5.8AI score0.00912EPSS
Exploits0References2
Rows per page
Query Builder