1555 matches found

RedHat Linux
added 2023/05/09 9:50 a.m. · 5 views

freeradius: Crash on unknown option in EAP-SIM

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

7.5 CVSS · 5.8 AI score · 0.01171 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/04/28 12:00 a.m. · 4 views

PT-2023-20806

Name of the Vulnerable Software and Affected Versions: wangmarket CMS version 4.10 Description: The issue allows remote attackers to run arbitrary SQL commands via the TableName parameter to the "/plugin/dataDictionary/tableView.do" API endpoint. This enables attackers to manipulate database querie...

9.8 CVSS · 7.5 AI score · 0.00966 EPSS
Exploits 1 · References 8
NVD
added 2023/04/25 7:15 p.m. · 18 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7 CVSS · 7.5 AI score · 0.00328 EPSS
Exploits 0 · References 2
Prion
added 2023/04/25 7:15 p.m. · 16 views

Design/Logic Flaw

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

1.7 CVSS · 5.7 AI score · 0.00328 EPSS
Exploits 0 · References 2 · Affected Software 3
Microsoft CVE
added 2023/04/25 7:00 a.m. · 3 views

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

...

6.5 CVSS · 7.6 AI score · 0.01013 EPSS
Exploits 0
Cvelist
added 2023/04/25 12:00 a.m. · 19 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7 CVSS · 7.7 AI score · 0.00328 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/04/25 12:00 a.m. · 8 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7 CVSS · 7.1 AI score · 0.00328 EPSS
Exploits 0 · References 2
CVE
added 2023/04/25 12:00 a.m. · 38 views

CVE-2022-40722

CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...

7.7 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 0 · References 2 · Affected Software 3
CNNVD
added 2023/04/25 12:00 a.m. · 6 views

PingID Adapter encryption issue vulnerability

PingID Adapter is a middleware for authentication and access control from Ping Identity. A security vulnerability exists in PingID Adapter that stems from the vulnerability of offline MFA to pre-computed dictionary attacks, which can lead to offline MFA being bypassed...

7.7 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 0 · References 4
OSV
added 2023/04/24 9:15 p.m. · 2 views

DEBIAN-CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

6.5 CVSS · 7.1 AI score · 0.01013 EPSS
Exploits 0 · References 1
NVD
added 2023/04/19 12:15 a.m. · 19 views

CVE-2023-30557

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...

6.5 CVSS · 6.7 AI score · 0.00844 EPSS
Exploits 1 · References 2
CVE
added 2023/04/18 10:35 p.m. · 55 views

CVE-2023-30558

CVE-2023-30558 affects Archery, an open source SQL audit platform. The vulnerability arises from multiple SQL injection flaws in the sql/data_dictionary.py table_list endpoint, where untrusted input from the db_name parameter is concatenated into SQL queries and passed to database engines. Affect...

6.5 CVSS · 6.8 AI score · 0.00835 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/04/18 12:00 a.m. · 6 views

PT-2023-22785 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db name in the sql/data...

6.5 CVSS · 6.9 AI score · 0.00835 EPSS
Exploits 1 · References 4
OSV
added 2023/04/14 12:15 p.m. · 4 views

CVE-2022-47027

Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution...

9.8 CVSS · 6 AI score · 0.01474 EPSS
Exploits 1 · References 3
NVD
added 2023/04/14 12:15 p.m. · 10 views

CVE-2022-47027

Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution...

9.8 CVSS · 9.6 AI score · 0.01474 EPSS
Exploits 1 · References 3
CNNVD
added 2023/04/14 12:00 a.m. · 3 views

Timmystudios Fast Typing Keyboard path traversal vulnerability

Timmystudios Fast Typing Keyboard is an Android app keyboard by Timmystudios. A security vulnerability exists in Timmystudios Fast Typing Keyboard version v1.275.1.162, which originated from a vulnerability that allows unauthorized applications to overwrite arbitrary files in its internal storage...

9.8 CVSS · 9.1 AI score · 0.01474 EPSS
Exploits 1 · References 4
Cvelist
added 2023/04/14 12:00 a.m. · 15 views

CVE-2022-47027

Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution...

9.7 AI score · 0.01474 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/04/14 12:00 a.m. · 5 views

PT-2023-15136 · Timmystudios · Timmystudios Fast Typing Keyboard

Name of the Vulnerable Software and Affected Versions: Timmystudios Fast Typing Keyboard version 1.275.1.162 Description: The issue allows unauthorized apps to overwrite arbitrary files in the internal storage of Timmystudios Fast Typing Keyboard via a dictionary traversal vulnerability, which ca...

9.8 CVSS · 7.3 AI score · 0.01474 EPSS
Exploits 1 · References 8
CVE
added 2023/04/14 12:00 a.m. · 41 views

CVE-2022-47027

CVE-2022-47027 affects Timmystudios Fast Typing Keyboard v1.275.1.162. A dictionary traversal vulnerability in the app’s internal storage allows unauthorized apps to overwrite arbitrary files, enabling arbitrary code execution. Connected sources corroborate the same description and surface no pub...

9.8 CVSS · 9.4 AI score · 0.01474 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/04/11 12:00 a.m. · 5 views

PT-2023-3193

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.10.4 Description: The issue is related to the xmlDictComputeFastKey function in dict.c, which can produce non-deterministic values when hashing empty dict strings in a crafted XML document. This can lead to various...

10 CVSS · 5.8 AI score · 0.51733 EPSS
Exploits 20 · References 136