Lucene search

131 matches found

Cvelist
added 2018/12/12 12:00 a.m. | 29 views

CVE-2018-8635

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server,...

5.6 AI score | 0.06127 EPSS
Exploits: 0 | References: 2
OSV
added 2018/08/21 1:29 a.m. | 5 views

DEBIAN-CVE-2018-15599

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...

5.3 CVSS | 8.8 AI score | 0.02709 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2017/11/27 12:00 a.m. | 35 views

FreeBSD : salt -- multiple vulnerabilities (50127e44-7b88-4ade-8e12-5d57320823f1)

SaltStack reports: Directory traversal vulnerability in minion id validation in SaltStack. Allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. Credit for discovering the security flaw goes to: Julian Brost. NOTE: this...

9.8 CVSS | 7.2 AI score | 0.02739 EPSS
Exploits: 0 | References: 7
CNVD
added 2017/10/25 12:00 a.m. | 3 views

SaltStack Salt Denial of Service Vulnerability

SaltStack Salt, aka SaltStack, is a set of open source tools for managing infrastructure from SaltStack, Inc. in the United States. The tool provides configuration management, remote execution and other functions, able to manage tens of thousands of servers, with the ability to quickly complete t...

7.5 CVSS | 7.1 AI score | 0.02739 EPSS
Exploits: 0 | References: 1
Prion
added 2017/10/24 5:29 p.m. | 20 views

Cross site request forgery (csrf)

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

5 CVSS | 7.6 AI score | 0.02739 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
UbuntuCve
added 2017/10/24 5:29 p.m. | 29 views

CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

7.5 CVSS | 6.9 AI score | 0.02739 EPSS
Exploits: 0 | References: 5
NVD
added 2017/10/24 5:29 p.m. | 17 views

CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

7.5 CVSS | 7.7 AI score | 0.02739 EPSS
Exploits: 0 | References: 7
OSV
added 2017/10/24 5:29 p.m. | 3 views

UBUNTU-CVE-2017-14696

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request...

7.5 CVSS | 6.8 AI score | 0.02739 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2017/10/23 12:00 a.m. | 32 views

openSUSE Security Update : salt (openSUSE-2017-1182)

Salt was updated to 2017.7.2 and also to fix various bugs and security issues. See https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html for full changelog. Security issues fixed: - CVE-2017-14695: A directory traversal during minion id validation was fixed. boo#1062462 -...

9.8 CVSS | 7.2 AI score | 0.02739 EPSS
Exploits: 0 | References: 11
CNVD
added 2017/07/07 12:00 a.m. | 2 views

Soffid IAM console arbitrary code execution vulnerability

Soffid IAM console is a distributed Identity Manager console program that supports SQL-based and file-based authentication for both web and natively-based applications. A security vulnerability exists in Soffid IAM console version 1.7.4 and earlier. A remote attacker can exploit the vulnerability...

9.8 CVSS | 9.9 AI score | 0.03291 EPSS
Exploits: 1 | References: 1
Cvelist
added 2017/06/13 6:00 a.m. | 19 views

CVE-2017-6683

A vulnerability in the esclistener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More...

9.2 AI score | 0.05856 EPSS
Exploits: 0 | References: 2
OSV
added 2017/06/02 5:29 a.m. | 4 views

CVE-2017-9363

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...

9.8 CVSS | 6.4 AI score
Exploits: 0 | References: 1
Cvelist
added 2017/06/02 5:04 a.m. | 22 views

CVE-2017-9363

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request...

9.8 AI score | 0.03291 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2017/05/01 12:00 a.m. | 35 views

SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)

This update for mysql to version 5.5.55 fixes the following issues: These security issues were fixed: - CVE-2017-3308: Unspecified vulnerability in Server: DML bsc#1034850 - CVE-2017-3309: Unspecified vulnerability in Server: Optimizer bsc#1034850 - CVE-2017-3329: Unspecified vulnerability in...

7.7 CVSS | 6.8 AI score | 0.04945 EPSS
Exploits: 0 | References: 32
CNVD
added 2017/04/27 12:00 a.m. | 4 views

NetIQ Access Manager Cross-Site Scripting Vulnerability (CNVD-2017-06744)

NetIQ Access Manager provides a simple, secure, and scalable solution for handling Web access requirements. A cross-site scripting vulnerability exists in the AssertionConsumerServiceURL field of a signed AuthnRequest in the samlp:AuthnRequest document for NetIQ Access Manager. A remote attacker...

6.1 CVSS | 6.2 AI score | 0.00669 EPSS
Exploits: 0 | References: 1
OSV
added 2017/04/20 6:59 p.m. | 3 views

CVE-2017-5183

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document...

6.1 CVSS | 5.8 AI score | 0.00669 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2017/03/23 12:00 a.m. | 45 views

F5 Networks BIG-IP : TMM SSO plugin vulnerability (K95444512)

The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an...

5.3 CVSS | 6.2 AI score | 0.01923 EPSS
Exploits: 0 | References: 2
Citrix
added 2016/12/23 12:00 a.m. | 8 views

Error: "An authentication request was made before establishing a web session"

When going through the NetScaler, the following error is seen in the Event Viewer: An authentication request was made before establishing a web session. This typically occurs when sticky load-balancing between client and StoreFront is misconfigured...

7.3 AI score
Exploits: 0
Amazon
added 2015/05/05 12:00 a.m. | 42 views

Medium: krb5

Issue Overview: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token function and use this flaw to crash that...

9 CVSS | 7.7 AI score | 0.06213 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2015/01/16 12:00 a.m. | 26 views

Amazon Linux AMI : xorg-x11-server (ALAS-2015-470)

Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol and GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially...

6.5 CVSS | 6.7 AI score | 0.05192 EPSS
Exploits: 0 | References: 14