Lucene search
K

152 matches found

Cvelist
Cvelist
added 2024/10/25 7:57 a.m.27 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS0.00425EPSS
Exploits0References1
CVE
CVE
added 2024/10/25 7:57 a.m.48 views

CVE-2024-45785

MUSASI version 3 is affected by a client-side authentication flaw (CWE-603) that can allow a user to fetch another user’s credentials and sensitive information. Multiple sources (CVE-2024-45785 entries across NVD, JVN, Red Hat, and vendor advisories) confirm the issue arises from authentication l...

7.5CVSS6.6AI score0.00425EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/25 7:57 a.m.10 views

CVE-2024-45785

MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved...

7.5CVSS7.5AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.5 views

PT-2024-31765 · Musasi · Musasi

Name of the Vulnerable Software and Affected Versions: MUSASI version 3 Description: The issue is related to the use of client-side authentication. If exploited, it may allow retrieval of other users' credentials and sensitive information. Recommendations: For MUSASI version 3, consider disabling...

7.5CVSS7.1AI score0.00425EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 5:40 a.m.4 views

MUSASI version 3 performing authentication on client-side

Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...

7.5CVSS7AI score0.00425EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/27 4:7 p.m.19 views

CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges...

9.3CVSS7.1AI score0.00567EPSS
Exploits1References1
ICS
ICS
added 2024/06/27 6:0 a.m.47 views

TELSAT marKoni FM Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : marKoni Equipment : Markoni-D Compact FM Transmitters, Markoni-DH Exciter+Amplifiers FM Transmitters Vulnerabilities : Command Injection, Use of Hard-coded...

9.8CVSS9.8AI score0.01211EPSS
Exploits4References10
Hacker One
Hacker One
added 2023/02/17 7:46 p.m.22 views

U.S. Dept Of Defense: Client side authentication leads to Auth Bypass

A client-side authentication vulnerability was discovered that allowed an attacker to bypass authentication and access sensitive data. By setting a specific parameter in the local storage, the attacker could gain access to the data without providing the correct password. The vulnerability was...

7.1AI score
Exploits0
OSV
OSV
added 2022/09/19 5:15 p.m.5 views

CVE-2022-3218

Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...

9.8CVSS6.1AI score0.73475EPSS
Exploits5References5
Prion
Prion
added 2022/09/19 5:15 p.m.26 views

Remote code execution

Due to a reliance on client-side authentication, the WiFi Mouse Mouse Server from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution...

7.5CVSS9.8AI score0.73475EPSS
Exploits5References5Affected Software1
CVE
CVE
added 2022/09/19 4:50 p.m.418 views

CVE-2022-3218

CVE-2022-3218 concerns the WiFi Mouse (Mouse Server) from Necta LLC, where authentication is implemented entirely on the client side, enabling a bypass that can lead to remote code execution. Multiple connected sources provide concrete details: (1) NVD/NVDC notes a client-side auth bypass allowin...

9.8CVSS9.8AI score0.73475EPSS
Exploits5References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.10 views

PT-2022-21141 · Necta Llc · Wifi Mouse

Name of the Vulnerable Software and Affected Versions: WiFi Mouse Mouse Server from Necta LLC affected versions not specified Description: The issue arises due to the WiFi Mouse Mouse Server's reliance on client-side authentication, which allows its authentication mechanism to be easily bypassed...

9.8CVSS9.7AI score0.73475EPSS
Exploits5References7
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.38 views

Necta WiFi Mouse 授权问题漏洞

Necta WiFi Mouse is a wireless mouse from Necta. A security vulnerability exists in Necta WiFi Mouse version 1.7.8.5, which stems from the fact that due to the reliance on client-side authentication, the authentication mechanism can be easily bypassed, which could lead to remote code execution...

9.8CVSS8.7AI score0.73475EPSS
Exploits5References7
BDU FSTEC
BDU FSTEC
added 2022/06/23 12:0 a.m.7 views

The vulnerability of the SCADA system SIMATIC WinCC, related to the possibility of using authentication on the client side, allows attackers to increase their privileges.

The vulnerability of the SCADA system SIMATIC WinCC is related to the possibility of using authentication on the client side. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

10CVSS7.7AI score0.01166EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/06/21 1:15 p.m.1 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8CVSS5.7AI score0.01166EPSS
Exploits0References3
OSV
OSV
added 2022/06/21 1:15 p.m.3 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8CVSS5.7AI score0.01166EPSS
Exploits0References2
Prion
Prion
added 2022/06/21 1:15 p.m.19 views

Default configuration

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

6.8CVSS9.5AI score0.01166EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/21 12:0 a.m.5 views

PT-2022-3046 · Siemens · Simatic Wincc Oa V3.17 +4

Name of the Vulnerable Software and Affected Versions: Cerberus DMS versions all Desigo CC versions all Desigo CC Compact versions all SIMATIC WinCC OA V3.16 versions all SIMATIC WinCC OA V3.17 versions all SIMATIC WinCC OA V3.18 versions all Description: A vulnerability has been identified in th...

10CVSS9.5AI score0.01166EPSS
Exploits0References7
ICS
ICS
added 2022/06/21 12:0 a.m.114 views

Siemens WinCC OA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC OA Vulnerability: Use of Client-side Authentication CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...

9.8CVSS10AI score0.01166EPSS
Exploits0References11
OSV
OSV
added 2022/06/02 10:15 p.m.4 views

CVE-2022-31463

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used...

7.1CVSS7.4AI score0.00967EPSS
Exploits1References3
Rows per page
Query Builder