Lucene search
K

82 matches found

OSV
OSV
added 2023/08/16 3:15 p.m.30 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

8.8CVSS6.9AI score
Exploits0References6
Prion
Prion
added 2023/08/16 3:15 p.m.27 views

Double free

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

6.5CVSS8.3AI score0.01229EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2023/08/16 12:0 a.m.2 views

MIT Kerberos 资源管理错误漏洞

MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters.Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A security vulnerability...

8.8CVSS7.2AI score0.01229EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/08/16 12:0 a.m.1 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

5.4AI score0.01229EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/08/16 12:0 a.m.25 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

8.7AI score0.01229EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2023/08/16 12:0 a.m.47 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

8.8CVSS7.3AI score0.01229EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/10 12:0 a.m.29 views

Fedora 38 : krb5 (2023-ca086f015c)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ca086f015c advisory. This is a backport of the upstream fix for CVE-2023-39975: https://github.com/krb5/krb5/pull/1312 Tenable has extracted the preceding description block...

8.8CVSS7.2AI score0.01229EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/12/13 4:8 p.m.4 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

6.1CVSS7.3AI score0.00575EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/07/20 12:0 a.m.4 views

PT-2022-20577 · Slack · Slack Morphism

Name of the Vulnerable Software and Affected Versions: Slack Morphism versions prior to 0.41.0 Description: The issue concerns the potential leakage of Slack OAuth client information into application debug logs due to insecure debug log formatting. This could lead to the accidental exposure of...

7.5CVSS7.3AI score0.00739EPSS
Exploits0References11
OSV
OSV
added 2022/05/24 5:21 p.m.4 views

GHSA-W8CC-3H7Q-JHC3 Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

6.9CVSS6.8AI score0.01125EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.7 views

Mattermost Server has low entropy for authorization data as an OAuth 2.0 Service Provider

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data...

9.1CVSS7AI score0.01125EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/14 1:48 a.m.15 views

GHSA-PC5H-M95G-V6RH LFI in PHP-Proxy 5.1.0

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...

7.5CVSS7.2AI score0.21951EPSS
Exploits5References4
Github Security Blog
Github Security Blog
added 2022/05/14 1:48 a.m.29 views

LFI in PHP-Proxy 5.1.0

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" intended for users who lack shell access to their web server is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 appkey value from the default config.php is in place, and this value ca...

7.5CVSS6.6AI score0.21951EPSS
Exploits5References5Affected Software1
OSV
OSV
added 2022/02/18 6:15 p.m.9 views

AZL-8704 CVE-2020-25719 affecting package samba 4.12.5-7

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result cou...

7.2CVSS6.9AI score0.01673EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.3 views

Twisted 信息泄露漏洞

Twisted is an event-driven open source web engine written in Python. An information disclosure vulnerability exists in Twisted that originates from exposing cookies and authorization information during cross-origin redirects...

7.5CVSS7.2AI score0.01381EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 2022/02/06 9:15 p.m.7 views

CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...

10CVSS7.3AI score0.14058EPSS
Exploits4References5
OSV
OSV
added 2022/02/06 9:15 p.m.3 views

CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...

9.8CVSS5.8AI score0.14058EPSS
Exploits4References4
NVD
NVD
added 2022/02/06 9:15 p.m.29 views

CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...

10CVSS0.14058EPSS
Exploits4References4
Prion
Prion
added 2022/02/06 9:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...

10CVSS9.5AI score0.14058EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2022/02/06 8:54 p.m.37 views

CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...

9.8AI score0.14058EPSS
Exploits4References4
Rows per page
Query Builder