Lucene search
+L

93 matches found

Hacker One
Hacker One
added 2019/02/15 1:56 a.m.24 views

U.S. Dept Of Defense: █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files

Summary: To download a file, ████ directs users to /██████████/Download.aspx and sets a cookie authenticating the download. The cookie looks like this: pickup=Subject=&PackageID=MTU4NDgzMTU=███ If an attacker can generate this cookie, this allows downloading a file. As it turns out, the generatio...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2019/02/14 6:30 p.m.21 views

U.S. Dept Of Defense: █████ - Pre-generation of VIEWSTATE allows CAC bypass

Summary: As of today, ███ is back online https://███████. █████████ allows users to check a box labeled Require CAC for Pick-up. This option requires users to present their CAC in order to download files. As explained by ███: Choosing this option, however, does add a significant degree of assuran...

0.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.33 views

SUSE SLED15 / SLES15 Security Update : opensc (SUSE-SU-2018:3629-1)

This update for opensc fixes the following security issues : CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card bsc1106998 CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card bsc1106999 CVE-2018-16393: Fixed buffer overflows when...

6.8CVSS6.2AI score0.00692EPSS
Exploits12References41
OpenVAS
OpenVAS
added 2018/11/10 12:0 a.m.29 views

openSUSE: Security Advisory for opensc (openSUSE-SU-2018:3716-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.4AI score0.00692EPSS
Exploits12References2
Hacker One
Hacker One
added 2018/10/25 10:21 p.m.15 views

U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass

Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...

1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/10/01 9:51 a.m.7 views

cac-passages.com XSS vulnerability

Open Bug Bounty ID: OBB-681608 Description| Value ---|--- Affected Website:| cac-passages.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

0.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/09/12 6:23 a.m.26 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS5.3AI score0.00692EPSS
Exploits1References2
Prion
Prion
added 2018/09/04 12:29 a.m.19 views

Buffer overflow

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

4.6CVSS6.9AI score0.00692EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2018/09/04 12:29 a.m.22 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS7AI score0.00692EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2018/09/04 12:29 a.m.28 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS6.8AI score0.00692EPSS
Exploits1References3
OSV
OSV
added 2018/09/04 12:29 a.m.29 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS7.4AI score
Exploits0References5
OSV
OSV
added 2018/09/04 12:29 a.m.2 views

UBUNTU-CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS6.6AI score0.00692EPSS
Exploits1References4
Cvelist
Cvelist
added 2018/09/04 12:0 a.m.28 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.8AI score0.00692EPSS
Exploits1References5
CNVD
CNVD
added 2018/09/04 12:0 a.m.3 views

OpenSC Buffer Overflow Vulnerability (CNVD-2019-28622)

OpenSC is an open source smart card tool and middleware. A buffer overflow vulnerability exists in the 'cacgetserialnrfromCUID' function in the libopensc/card-cac.c file in versions prior to OpenSC 0.19.0-rc1. An attacker could use this vulnerability to cause a denial of service application crash...

6.6CVSS6.6AI score0.00692EPSS
Exploits1References1
CVE
CVE
added 2018/09/04 12:0 a.m.112 views

CVE-2018-16421

CVE-2018-16421 affects the OpenSC project, specifically a buffer overflow in libopensc/card-cac.c (cac_get_serial_nr_from_CUID) when processing CAC card responses, on OpenSC versions prior to 0.19.0-rc1. This vulnerability could allow a crafted smartcard attacker to cause a denial of service (app...

6.6CVSS6.8AI score0.00692EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2018/09/04 12:0 a.m.37 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS7AI score0.00692EPSS
Exploits1
Debian CVE
Debian CVE
added 2018/09/04 12:0 a.m.28 views

CVE-2018-16421

Several buffer overflows when handling responses from a CAC Card in cacgetserialnrfromCUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

6.6CVSS7.3AI score0.00692EPSS
Exploits1
Microsoft KB
Microsoft KB
added 2018/08/30 12:0 a.m.6 views

August 30, 2018—KB4343884 (OS Build 14393.2457)

None None...

6.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:35 p.m.20 views

Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal shipped with IBM Tivoli Storage Manager FastBack for Workstations (CVE-2017-1121)

Summary Inside the Tivoli Integrated Portal there is a potential cross-site scripting vulnerability in the Admin Console of WebSphere Application Server in the underlying eWAS Vulnerability Details Please consult the Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere...

5.4CVSS0.4AI score0.00879EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:29 p.m.20 views

Security Bulletin: Code execution vulnerability in IBM WebSphere Application Server affects FastBack for Workstations Central Administration Console (CVE-2016-5983)

Summary There is a code execution vulnerability in IBM WebSphere Application Server that affects FastBack for Workstations Central Administration Console. Vulnerability Details CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Jav...

7.5CVSS0.1AI score0.04116EPSS
Exploits0Affected Software1
Rows per page
Query Builder