1248 matches found

NVD
added 2019/10/18 5:15 p.m., 11 views

CVE-2019-17393

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

CVSS 9.8, AI score 9.5, EPSS 0.01836
Exploits 1, References 2

Prion
added 2019/10/18 5:15 p.m., 9 views

Authentication flaw

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

CVSS 5, AI score 9.4, EPSS 0.01836
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/10/18 4:4 p.m., 14 views

CVE-2019-17393

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

AI score 9.5, EPSS 0.01836
Exploits 1, References 2

CVE
added 2019/10/18 4:4 p.m., 149 views

CVE-2019-17393

CVE-2019-17393 affects Tomedo Server 1.7.3 (Customer Tomedo Server) which communicates with the Vendor Tomedo Update Server over HTTP in cleartext. The vulnerability arises from cleartext transmission of credentials protected only by basic authentication, enabling an attacker to potentially sniff...

CVSS 9.8, AI score 9.4, EPSS 0.01836
Exploits 1, References 2, Affected Software 1

BDU FSTEC
added 2019/09/25 12:0 a.m., 19 views

A vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches, related to the default use of the HTTP protocol, allows attackers to intercept administrator credentials and other confidential information, thereby gaining access to the control system.

The vulnerability in the firmware of Moxa EDS-G516E and Moxa EDS-510E switches is related to the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to remotely intercept administrator...

CVSS 10, AI score 5.5
Exploits 0, References 2, Affected Software 2

BDU FSTEC
added 2019/09/25 12:0 a.m., 4 views

A vulnerability in the embedded web server firmware of Moxa MGate models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 allows an attacker to intercept administrator credentials and other confidential information, gaining access to the control system.

The vulnerability in the embedded web server firmware of Moxa controllers, models MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660, stems from the default use of the HTTP protocol in implementing the “Basic HTTP Authentication” method. Exploiting this vulnerability...

CVSS 10, AI score 5.5, EPSS 0.0094
Exploits 0, References 3, Affected Software 6

RedHat Linux
added 2019/09/03 1:56 a.m., 12 views

squid: heap-based buffer overflow in HttpHeader::getAuth

A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow...

CVSS 8.8, AI score 6, EPSS 0.51473
Exploits 0, References 5

Tenable Nessus
added 2019/08/22 12:0 a.m., 29 views

Cisco Adaptive Security Appliance VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn)

According to its self-reported version, the Cisco Adaptive Security Appliance (ASA) software running on the remote device is affected by an authentication bypass vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and...

CVSS 8.6, AI score 6.8, EPSS 0.01977
Exploits 0, References 3

OSV
added 2019/07/18 5:22 p.m., 2 views

USN-4065-1 squid, squid3 vulnerabilities

It was discovered that Squid incorrectly handled Digest authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. CVE-2019-12525 It was discovered that Squid incorrectly handled Basic authentication. A remote attacker could use this...

CVSS 9.8, AI score 6.8, EPSS 0.51473
Exploits 0, References 4

ALT Linux
added 2019/07/16 12:0 a.m., 40 views

Security fix for the ALT Linux 9 package squid version 4.8-alt1

4.8-alt1 built July 16, 2019 Alexey Shabalin in task 234609 --- July 15, 2019 Alexey Shabalin - Updated to 4.8 - Fixes: + CVE-2019-12854 Denial of Service issue in cachemgr.cgi + CVE-2019-12529 Denial of Service in HTTP Basic Authentication + CVE-2019-12525 Denial of Service in HTTP Digest...

CVSS 7.5, AI score 2.4, EPSS 0.74477
Exploits 1

Hacker One
added 2019/07/12 3:23 p.m., 155 views

Internet Bug Bounty: Basic Authentication Heap Overflow

Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...

CVSS 6.8, AI score 9.9, EPSS 0.51473
Exploits 0

OSV
added 2019/07/11 7:15 p.m., 30 views

CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVSS 5.9, AI score 6.4
Exploits 0, References 12

OSV
added 2019/07/11 7:15 p.m., 1 views

DEBIAN-CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVSS 5.9, AI score 6.9, EPSS 0.08092
Exploits 0, References 1

NVD
added 2019/07/11 7:15 p.m., 15 views

CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...

CVSS 8.8, AI score 9.4, EPSS 0.51473
Exploits 0, References 11

NVD
added 2019/07/11 7:15 p.m., 27 views

CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVSS 5.9, AI score 7.2, EPSS 0.08092
Exploits 0, References 12

OSV
added 2019/07/11 7:15 p.m., 24 views

CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...

CVSS 8.8, AI score 7
Exploits 0, References 11

OSV
added 2019/07/11 7:15 p.m., 2 views

DEBIAN-CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user...

CVSS 8.8, AI score 7.4, EPSS 0.51473
Exploits 0, References 1

Prion
added 2019/07/11 7:15 p.m., 31 views

Design/Logic Flaw

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVSS 4.3, AI score 7.1, EPSS 0.08092
Exploits 0, References 12, Affected Software 5

EUVD
added 2019/07/11 6:33 p.m., 3 views

EUVD-2019-4124

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

CVSS 5.9, AI score 7, EPSS 0.08092
Exploits 0, References 17

Cvelist
added 2019/07/11 6:33 p.m., 40 views

CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

AI score 7.2, EPSS 0.08092
Exploits 0, References 12