16 matches found

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2007-1645

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.01424
Exploits: 0 · References: 8

Veracode
added 2024/02/09 8:42 a.m. · 10 views

Improper Authorization

DIRAC is vulnerable to Improper Authorization. The vulnerability is caused due to the TokenManager not checking permissions on cached tokens. This allows an attacker to use improperly cached tokens to gain access to resources, data, or functionalities within the DIRAC system for which they do not...

CVSS 9.1 · AI score 7.3 · EPSS 0.00534
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/02/08 11:39 p.m. · 1 view

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

CVSS 9.1 · AI score 7 · EPSS 0.00534
Exploits: 0 · References: 2

Cvelist
added 2024/02/08 11:39 p.m. · 33 views

CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC

DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...

CVSS 9.1 · AI score 9.3 · EPSS 0.00534
Exploits: 0 · References: 2

Github Security Blog
added 2024/02/08 3:32 p.m. · 23 views

DIRAC's TokenManager does not check permissions on cached tokens

Impact: Any user could get a token that has been requested by another user/agent. Patches: The vulnerability is fixed in version 8.0.37. Workarounds: None. References...

CVSS 9.1 · AI score 7 · EPSS 0.00534
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/02/08 3:32 p.m. · 7 views

GHSA-59QJ-JCJV-662J DIRAC's TokenManager does not check permissions on cached tokens

Impact: Any user could get a token that has been requested by another user/agent. Patches: The vulnerability is fixed in version 8.0.37. Workarounds: None. References...

CVSS 9.1 · AI score 8.2 · EPSS 0.00534
Exploits: 0 · References: 6

OSV
added 2023/11/06 1:15 p.m. · 4 views

CVE-2023-4910

A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...

CVSS 5.5 · AI score 5.8 · EPSS 0.00212
Exploits: 0 · References: 2

NVD
added 2023/10/18 10:15 p.m. · 41 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 · AI score 5.2 · EPSS 0.00449
Exploits: 0 · References: 2

Cvelist
added 2023/10/18 9:22 p.m. · 44 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 · AI score 5.5 · EPSS 0.00449
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/12 12:0 a.m. · 6 views

PT-2023-5466 · Red Hat · 3Scale Admin Portal

Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal, affected versions not specified.
Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...

CVSS 5.5 · AI score 5.1 · EPSS 0.00212
Exploits: 0 · References: 9

OSV
added 2019/07/02 8:15 p.m. · 3 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...

CVSS 9.8 · AI score 7 · EPSS 0.03121
Exploits: 0 · References: 1

Positive Technologies
added 2019/04/24 12:0 a.m. · 3 views

PT-2019-2951 · Red Hat +1 · Spacewalk-Proxy +1

Name of the Vulnerable Software and Affected Versions: spacewalk-proxy versions through 2.9.
Description: A path traversal flaw was found in the way the proxy processes cached client tokens. This issue could allow a remote, unauthenticated attacker to test the existence of arbitrary files or execu...

CVSS 10 · AI score 5.4 · EPSS 0.03121
Exploits: 0 · References: 21

OpenVAS
added 2018/06/27 12:0 a.m. · 80 views

Microsoft Windows 10: Consumer Microsoft account user authentication

When enabled, this policy will prevent all applications and services on the device from new consumer Microsoft account authentication via the Windows OnlineID and WebAccountManager APIs. This policy may not affect applications which have already authenticated until the authentication cache expire...

AI score 7.3
Exploits: 0 · References: 5

Prion
added 2007/03/24 12:19 a.m. · 18 views

Design/Logic Flaw

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens...

CVSS 7.5 · AI score 6.8 · EPSS 0.01273
Exploits: 0 · References: 7

NVD
added 2007/03/24 12:19 a.m. · 10 views

CVE-2007-1652

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens...

CVSS 7.5 · AI score 6.3 · EPSS 0.01273
Exploits: 0 · References: 7

Cvelist
added 2007/03/24 12:0 a.m. · 20 views

CVE-2007-1652

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens...

AI score 6.3 · EPSS 0.01273
Exploits: 0 · References: 7