Lucene search
K

103 matches found

RedHat Linux
RedHat Linux
added 2024/11/04 1:50 a.m.248 views

Important: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9CVSS7.2AI score0.14859EPSS
Exploits2References2
Circl
Circl
added 2024/09/10 9:46 p.m.34 views

CVE-2024-45409

creationtimestamp| type| source ---|---|--- 2024-09-10 21:46:54+00:00| seen| https://t.me/cvedetector/5296 2024-09-12 10:08:54+00:00| published-proof-of-concept| https://t.me/HackingInsights/12851 2024-09-18 09:07:12+00:00| seen| https://t.me/HackingInsights/13399 2024-09-19 04:00:00+00:00| seen|...

10CVSS7AI score0.10684EPSS
Exploits3References38
RedHat Linux
RedHat Linux
added 2024/09/09 4:5 p.m.3 views

keycloak-core: One Time Passcode (OTP) is valid longer than expiration timeSeverity

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

4.8CVSS5.7AI score0.00393EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.6 views

PT-2024-38705 · Hitachi Energy · Microscada X Sys600

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The product exposes a service intended for local use to all network interfaces without any authentication. Recommendations: At the moment, there is no information about a newer version that...

9.8CVSS5.9AI score0.00546EPSS
Exploits0References12
Hacker One
Hacker One
added 2024/08/01 4:12 p.m.8 views

MTN Group: Yet Another OTP code Leaked in the API Response

The OTP code was leaked in the API response, which compromised the purpose of its implementation. The application requested a phone number for authentication and sent an OTP code to the user, but the OTP was returned in the API response, exposing it to potential misuse...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.34 views

Hikvision Video Recorders Improper Restriction of Excessive Authentication Attempts (CVE-2020-7057)

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are...

5.3CVSS5.7AI score0.01103EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/07/10 11:0 a.m.16 views

True Protection or False Promise? The Ultimate ITDR Shortlisting Guide

It's the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.15 views

PT-2024-25627 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication MFA required...

9.8CVSS5.6AI score0.00944EPSS
Exploits1References48
VulnCheck KEV
VulnCheck KEV
added 2024/05/10 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8CVSS7.2AI score0.95302EPSS
Exploits8References1
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.23 views

Post Grid Combo – 36+ Gutenberg Blocks < 2.2.65 - Authenticated (Contributor+) Cross-Site Scripting

Description The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00348EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 6:31 p.m.29 views

CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...

8.2CVSS9.4AI score0.00675EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.19 views

CVE-2023-33243

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...

7.1AI score0.04421EPSS
Exploits4References2
Citrix
Citrix
added 2022/11/08 12:0 a.m.13 views

Upcoming changes in XenCenter

To provide you with greater security, the Citrix Insight Services CIS website has extended its multi-factor authentication requirement to applications, like XenCenter, that use the API to upload data. As a result, we are making changes to how XenCenter interacts with CIS. Important : XenCenter...

5.9CVSS6.8AI score0.05773EPSS
Exploits0
OSV
OSV
added 2022/10/07 6:15 p.m.3 views

GHSA-9427-7F65-88C8 Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages...

5.3CVSS5.1AI score0.00427EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2021/07/01 4:32 p.m.35 views

SMS authentication code includes ad: a very bad idea

SMS authentication codes are back in the news, and the word Id use to summarise their reappearance is "embattled." I can still remember a time where two-factor authentication 2FA, authentication grids, regional lockouts, Yubikeys, and offline authentication apps simply did not exist. And if they...

7.5AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/03/17 4:0 a.m.20 views

Finding the Cracks in the Wall - How Modern Scams Bypass MFA

In my previous blog, I discussed the important role multi-factor authentication MFA plays in further securing access to enterprise and consumer services. We also established the fact that although MFA increases authentication security and decreases the risk of account takeover, MFA can, and is,...

2.8AI score
Exploits0
OSV
OSV
added 2019/12/15 10:15 p.m.5 views

CVE-2014-8650

python-requests-Kerberos through 0.5 does not handle mutual authentication...

9.8CVSS9.6AI score0.03615EPSS
Exploits0References9
OSV
OSV
added 2019/12/06 6:15 p.m.4 views

CVE-2019-16670

An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention...

9.8CVSS7.3AI score0.01981EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2019/06/11 7:0 a.m.280 views

June 11, 2019—KB4503293 (OS Build 18362.175)

June 11, 2019—KB4503293 OS Build 18362.175 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Notes: This release also contains updates for Microsoft HoloLens OS Build 18362.1020 released June 11, 2019. Microsoft will release an update...

9.3CVSS7.8AI score0.48043EPSS
Exploits14
CVE
CVE
added 2019/04/23 2:45 p.m.86 views

CVE-2018-1317

CVE-2018-1317 affects Apache Zeppelin prior to 0.8.0, where the cron scheduler was enabled by default. This could allow users to run paragraphs as other users without authentication, constituting an authentication bypass. The documented remediation is to upgrade to Zeppelin 0.8.0 or later, which ...

8.8CVSS8.6AI score0.04666EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder