Lucene search
K

42 matches found

RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.4 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3CVSS5.7AI score0.01008EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/13 4:55 p.m.6 views

keycloak: Log Injection during WebAuthn authentication or registration

A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity...

5.3CVSS5.7AI score0.01008EPSS
Exploits0References5
OSV
OSV
added 2023/11/22 12:30 p.m.20 views

GHSA-V5GJ-FX3G-HCPW SQL injection in Apache Submarine

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...

9.8CVSS9.6AI score0.07167EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/11/22 12:30 p.m.15 views

SQL injection in Apache Submarine

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...

9.8CVSS8.4AI score0.07167EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/11/22 10:15 a.m.45 views

CVE-2023-37924

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...

9.8CVSS0.07167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/07 12:0 a.m.6 views

PT-2023-7514

Name of the Vulnerable Software and Affected Versions Keycloak version 22.0.5 Description A log injection flaw was found in Keycloak, related to the WebAuthn authentication mode. This issue allows a text string to be injected through the authentication form, which may have a minor impact on the...

5.3CVSS6AI score0.01008EPSS
Exploits0References32
OSV
OSV
added 2023/04/11 9:15 a.m.6 views

CVE-2023-26593

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...

7.8CVSS6.7AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 9:15 a.m.23 views

CVE-2023-26593

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...

7.8CVSS7.9AI score0.00136EPSS
Exploits0References2
Prion
Prion
added 2023/04/11 9:15 a.m.16 views

Privilege escalation

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM manag...

4.3CVSS7.8AI score0.00136EPSS
Exploits0References2Affected Software8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/04/06 5:59 a.m.3 views

Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information

Overview CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information CWE-312, CVE-2023-26593. Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If an attacker who can...

7.8CVSS6.9AI score0.00136EPSS
Exploits0References5
Prion
Prion
added 2020/07/23 4:15 p.m.18 views

Design/Logic Flaw

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266NONOSSDK devices through 3.0.3, and ESP8266RTOSSDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...

4.3CVSS6.8AI score0.00469EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2020/07/23 3:41 p.m.26 views

CVE-2020-12638

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266NONOSSDK devices through 3.0.3, and ESP8266RTOSSDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encrypti...

6.8AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2020/02/28 3:15 p.m.2 views

DEBIAN-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

7.5CVSS7.1AI score0.03748EPSS
Exploits1References1
Microsoft KB
Microsoft KB
added 2019/02/12 8:0 a.m.61 views

February 12, 2019—KB4487017 (OS Build 17134.590)

February 12, 2019—KB4487017 OS Build 17134.590 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that fails to set the LmCompatibilityLevel value correctly...

9.8CVSS6.9AI score0.68294EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2018/04/17 12:0 a.m.16 views

Description of Windows Small Business Server 2008 Update Rollup 4

Description of Windows Small Business Server 2008 Update Rollup 4 INTRODUCTION Windows Small Business Server Windows SBS 2008 Update Rollup 4 is now available. This rollup package addresses the following issues in Windows SBS 2008. Issue 1 You may be unable to rename and to join a computer that i...

6.5AI score
Exploits0
NVD
NVD
added 2017/03/08 8:59 a.m.22 views

CVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...

10CVSS9.4AI score0.13632EPSS
Exploits0References3
OSV
OSV
added 2017/03/08 8:59 a.m.6 views

CVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...

9.8CVSS5.8AI score0.13632EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/03/08 8:37 a.m.28 views

CVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials...

9.3AI score0.13632EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.20 views

Description of Windows Small Business Server 2008 Update Rollup 6

Description of Windows Small Business Server 2008 Update Rollup 6 Summary Windows Small Business Server Windows SBS 2008 Update Rollup 6 is now available. This update addresses the following issues that were not previously documented in a Microsoft Knowledge Base KB article. Issue 1 A computer th...

6.4AI score
Exploits0
Node.js
Node.js
added 2016/01/28 7:56 a.m.32 views

Authentication Bypass

Overview Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation Update to version 5.1.2 or later. References - Issue 111 - PR 112 - GitHub Advisory...

7.5CVSS6.1AI score0.02524EPSS
Exploits0Affected Software1
Rows per page
Query Builder