Lucene search
K

33 matches found

Vulnrichment
Vulnrichment
added 2022/09/27 3:10 p.m.8 views

CVE-2022-39258 mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to stea...

8.1CVSS8.3AI score0.00632EPSS
Exploits1References2
OSV
OSV
added 2022/05/25 7:34 p.m.29 views

GHSA-7QCX-4P32-QCMX Missing Cryptographic Step in cassproject

Impact CaSS Library, npm:cassproject has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e...

6.3CVSS6.6AI score0.0032EPSS
Exploits0References4
CNVD
CNVD
added 2020/07/24 12:0 a.m.4 views

Schneider Electric Easergy Builder Cryptographic Algorithm Vulnerability

The Schneider Electric Easergy Builder is used by expert engineering teams to configure the T300 grid automation platform. A cryptographic algorithm vulnerability exists in Schneider Electric Easergy Builder version 1.4.7.2 and earlier, which stems from a broken cryptographic algorithm used, and...

7.8CVSS7AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2020/07/23 9:15 p.m.16 views

CVE-2020-7514

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker access to the authorization credentials for a device and gain full access...

7.8CVSS7.7AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2020/07/23 8:46 p.m.53 views

CVE-2020-7514

Schneider Electric Easergy Builder (versions ≤ 1.4.7.2) contains a CWE-327 vulnerability due to use of a broken or risky cryptographic algorithm. This could allow an attacker to access the device’s authorization credentials and gain full access. The affected component is Easergy Builder; root cau...

7.8CVSS7.7AI score0.0022EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/24 4:29 p.m.21 views

CVE-2019-3793

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials...

9.8CVSS8.7AI score0.01053EPSS
Exploits0References1
Prion
Prion
added 2019/04/24 4:29 p.m.19 views

Authorization

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials...

5CVSS9.5AI score0.01053EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/24 3:21 p.m.19 views

CVE-2019-3793 Invitations Service supports HTTP connections

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials...

8.1CVSS9.6AI score0.01053EPSS
Exploits0References1
CVE
CVE
added 2019/04/24 3:21 p.m.42 views

CVE-2019-3793

CVE-2019-3793 affects Pivotal Apps Manager Release lines 665.0.x <665.0.28, 666.0.x <666.0.21, 667.0.x

9.8CVSS9.1AI score0.01053EPSS
Exploits0References1Affected Software1
Symantec
Symantec
added 2019/04/09 12:0 a.m.38 views

Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability

Description Microsoft Azure DevOps Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...

6.5AI score0.01983EPSS
Exploits0Affected Software1
CVE
CVE
added 2011/08/18 6:0 p.m.102 views

CVE-2011-2990

The CVE-2011-2990 vulnerability affects Mozilla Firefox 4.x–5 and SeaMonkey 2.x (before 2.3) where Content Security Policy (CSP) violation reports do not strip proxy-authorization credentials from the request headers, enabling potential leakage of credentials when a CSP report is read. The issue ...

5CVSS8.9AI score0.00961EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2011/08/18 6:0 p.m.22 views

CVE-2011-2990

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

9.2AI score0.00961EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2011/08/17 12:0 a.m.23 views

CVE-2011-2990

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

5CVSS7.2AI score0.00961EPSS
Exploits1References2
Rows per page
Query Builder