Lucene search
+L

33 matches found

CNNVD
CNNVD
added 2024/09/10 12:0 a.m.6 views

Siemens Mendix 安全漏洞

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in Siemens Mendix Runtime, which stems from the affected application's authentication...

6.9CVSS6.5AI score0.0044EPSS
Exploits0References2
Redos
Redos
added 2024/08/16 12:0 a.m.20 views

ROS-20240816-01

A vulnerability in the Portainer container management platform is related to a difference in authentication user authentication response time. Exploitation of the vulnerability could allow an attacker acting remotely to determine whether a username is valid or invalid. remotely, whether the...

5.3CVSS7.1AI score0.01242EPSS
Exploits2
OSV
OSV
added 2024/08/08 9:15 a.m.41 views

UBUNTU-CVE-2024-42255

In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL check in tpmbufcheckhmacresponse. Otherwise, unless tpm2sessionsinit was called, a call can cause NULL dereference, when TCGTPM2HMAC is...

5.5CVSS6.2AI score0.00183EPSS
Exploits0References5
OSV
OSV
added 2024/05/28 7:29 p.m.11 views

GHSA-FJR2-R2MP-484P Duplicate Advisory: SimpleSAMLphp signature validation bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...

5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/28 7:29 p.m.17 views

Duplicate Advisory: SimpleSAMLphp signature validation bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...

5.8AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/02 3:4 a.m.29 views

CVE-2023-25806 Time discrepancy in authentication responses in OpenSearch

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the interna...

5.3CVSS5.7AI score0.00328EPSS
Exploits0References1
Prion
Prion
added 2021/07/09 9:15 p.m.21 views

Design/Logic Flaw

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

5.8CVSS8AI score0.01106EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/07/09 9:15 p.m.2 views

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS5.5AI score0.01106EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/06/19 12:0 a.m.5 views

PT-2021-4019 · Putty +1 · Putty +1

Name of the Vulnerable Software and Affected Versions: PuTTY versions through 0.75 Description: The issue is related to insufficient authentication data verification in the implementation of the SSH protocol in PuTTY. This can allow a remote attacker to gain unauthorized access to protected...

9.8CVSS7.2AI score0.93305EPSS
Exploits5References44
seebug.org
seebug.org
added 2017/04/05 12:0 a.m.67 views

Broadcom: Stack buffer overflow when handling 802.11r (FT) authentication response (CVE-2017-6975)

Detailed analysis of reference : the https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi4.html the first part https://googleprojectzero.blogspot.tw/2017/04/over-air-exploiting-broadcoms-wi-fi11.html Part II Broadcom produces the Wi-Fi HardMAC SoCs which are used to...

7.2CVSS7.3AI score0.00537EPSS
Exploits3
Prion
Prion
added 2012/10/29 8:55 p.m.17 views

Authentication flaw

The AAA functionality in the IPv4 SSL VPN implementations on Cisco Adaptive Security Appliances ASA 5500 series devices, and the ASA Services Module ASASM in Cisco Catalyst 6500 series devices, with software 8.2 before 8.25.30 and 8.3 before 8.32.34 allows remote attackers to cause a denial of...

7.1CVSS7.2AI score0.02569EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2012/10/10 12:0 a.m.8 views

PT-2012-5529 · Cisco · Cisco Asa +2

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.2 before 8.25.30 Cisco Adaptive Security Appliances ASA 5500 series devices versions 8.3 before 8.32.34 ASA Services Module ASASM in Cisco Catalyst 6500 series devices...

7.1CVSS7.8AI score0.02569EPSS
Exploits0References5
securityvulns
securityvulns
added 2001/10/24 12:0 a.m.45 views

Check Point VPN-1 SecuRemote Flaw

Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...

1.4AI score
Exploits0
Rows per page
Query Builder