Lucene search
+L

408 matches found

Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.6 views

PT-2024-1614 · Emerson · Emerson Rosemount Gc700Xa +2

Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, and GC1500XA products affected versions not specified Description: The issue is related to weaknesses in the authentication procedure of Emerson Rosemount GC1500XA, GC700XA, and GC370XA products. An...

8.3CVSS8AI score0.00681EPSS
Exploits0References15
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.8 views

The vulnerability in the built-in command-line interface (CLI) of the Jenkins automation server allows a attacker to execute a CSWSH attack.

The vulnerability in the built-in command-line interface CLI of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a CSWSH attack remotely...

10CVSS7.6AI score0.66921EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.13 views

PT-2024-2034 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023.X through 2023.1.1 Description: The issue is related to the handling of attachments in ticket comments, allowing another user to add attachments...

6.8CVSS6.4AI score0.00345EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.4 views

PT-2024-2633 · Unknown · Myq Print Server

Name of the Vulnerable Software and Affected Versions: MyQ Print Server versions prior to 8.2 patch 43 Description: The issue is related to the administrative interface of the MyQ Print Server, where remote authenticated administrators can execute arbitrary code via PHP scripts. This is due to...

9.8CVSS9.4AI score0.01142EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.9 views

The vulnerability in the Makefile file set for the Linux Buildroot operating system allows a hacker to execute a type of “man-in-the-middle” attack.

The vulnerability in the Makefile set for the Linux Buildroot operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...

8.1CVSS7.6AI score0.00819EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/12/14 4:15 p.m.0 views

CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...

5.3CVSS6AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/29 12:0 a.m.7 views

The vulnerability of the printing control software in PaperCut MF and PaperCut NG, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.

The vulnerability of the printing control software in PaperCut MF and PaperCut NG is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.7CVSS6.7AI score0.0036EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.5 views

The vulnerabilities of the `pmdm_wp_change_user_meta` and `pmdm_wp_change_post_meta` functions in the Post Meta Data Manager plugin for the WordPress content management system allow a hacker to increase their privileges.

The vulnerability of the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in the Post Meta Data Manager plugin for the WordPress content management system is related to an incorrect authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileg...

9CVSS7.7AI score0.00536EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/12 12:0 a.m.8 views

The vulnerability of the software implementation of the GTP protocol (GPRS Tunneling Protocol) for Open5GS mobile communication networks lies in the lack of authentication for a critical function, allowing attackers to access confidential information.

The vulnerability of the software implementation of the GTP protocol GPRS Tunneling Protocol for mobile communication networks based on Open5GS is related to the absence of authentication for the critical function. Exploiting this vulnerability can allow a malicious actor to gain access to...

7.8CVSS7.2AI score0.00427EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/18 8:15 p.m.7 views

CVE-2023-41965

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.2 views

PT-2023-5053 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to weaknesses in the authentication procedure of the Microsoft Exchange Server, allowing a remote attacker to conduct spoofing attacks. This can...

8CVSS9.4AI score0.68598EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/09/08 12:0 a.m.6 views

The vulnerability of the PAMcheckPasswd() function, a utility for managing and monitoring processes, programs, files, and Monit directories, allows a perpetrator to increase their privileges.

The vulnerability of the PAMcheckPasswd function, a utility for managing and monitoring processes, programs, files, and Monit directories, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...

9CVSS7.3AI score0.00667EPSS
Exploits0References6Affected Software3
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.5 views

PT-2023-5298 · Unknown · Modulys Gp

Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K affected versions not specified Description: The issue is related to the lack of security in the authentication process of the web application, allowing information to be obtained by sending specific requests. This i...

7.8CVSS7.3AI score0.00508EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.5 views

PT-2023-5220 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex version 5.0.5 Description: The issue is related to improper access controls, allowing a remote attacker to bypass IP restrictions. This is due to insufficient authentication data verification, which can impact the integrity ...

7.5CVSS6.7AI score0.00314EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/08/15 12:0 a.m.8 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) is related to deficiencies in authentication procedures. This allows attackers to bypass security restrictions and gain unauthorized access to the system.

The vulnerability of the SCADA system, SCADA Data Gateway SDG, is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to the system...

10CVSS7.7AI score0.01623EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.5 views

EmpowerID Authorization Issues Vulnerability

EmpowerID is an all-in-one identity management and cloud security suite from EmpowerID. A security vulnerability previously existed in EmpowerID version 7.205.0.1, which stemmed from an insecurity in the multiple authentication mechanism. It was possible to modify an account's email address after...

9.1CVSS7.1AI score0.00526EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/08/03 12:0 a.m.9 views

The vulnerability of the microprogramming software of the Link DIR-885L, which allows a hacker to increase their privileges

The vulnerability of the Link DIR-885L router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...

7.5CVSS7.7AI score0.01103EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.8 views

PT-2023-4061 · D Link · D-Link Dir-895

Name of the Vulnerable Software and Affected Versions: D-Link DIR-895 version FW102b07 Description: The issue is related to a function called phpcgi main in the D-Link DIR-895 router's firmware, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to ga...

9.8CVSS7.7AI score0.00976EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
added 2023/07/27 12:0 a.m.7 views

VulnCheck KEV: CVE-2022-0732

The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...

7.5CVSS7.1AI score0.02508EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.7 views

The vulnerability of the MyHandlerInterceptor class in the ProSafe Network Management NMS300 system’s management, diagnosis, and optimization of network device operations allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the MyHandlerInterceptor class in the ProSafe Network Management NMS300 system, which is used for management, diagnosis, and optimization of network device operations, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a...

10CVSS7.7AI score0.81545EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder