Lucene search
+L

325 matches found

CVE
CVE
added 2021/07/15 4:0 p.m.54 views

CVE-2021-29725

CVE-2021-29725 affects IBM Secure External Authentication Server (versions 2.4.3.2, 6.0.1, 6.0.2) and IBM Secure Proxy (versions 3.4.3.2, 6.0.1, 6.0.2). The issue is a resource leak that could allow a remote attacker to exhaust resources and cause a denial of service. Connected IBM advisories ide...

7.5CVSS7.3AI score0.02937EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/07/15 4:0 p.m.20 views

CVE-2021-29725

IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource leak...

7.5CVSS7.6AI score0.02937EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.4 views

PT-2021-18449 · Ibm · Ibm Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server version 6.0.2 IBM Secure Proxy version 6.0.2 Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...

6.5CVSS5.8AI score0.00833EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.5 views

PT-2021-18433 · Ibm · Ibm Secure Proxy +1

Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server versions 2.4.3.2, 6.0.1, 6.0.2 IBM Secure Proxy versions 3.4.3.2, 6.0.1, 6.0.2 Description: The issue allows a remote user to consume resources, causing a denial of service due to a resource leak...

7.5CVSS7.4AI score0.02937EPSS
Exploits0References4
OSV
OSV
added 2021/06/02 1:15 p.m.5 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...

7.5CVSS7.3AI score0.00789EPSS
Exploits0References1
Prion
Prion
added 2021/06/02 1:15 p.m.22 views

Design/Logic Flaw

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source SSO or Open ID can claim the privileges of already existing local users of Satellite...

6CVSS7.6AI score0.00789EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/02 12:0 a.m.5 views

PT-2021-9722 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions 6.7.2 and later Description: A flaw was discovered that allows an account takeover. An attacker with proper authentication to an external authentication source, such as SSO or Open ID, can claim the privileges of...

7.5CVSS7.5AI score0.00789EPSS
Exploits0References3
OSV
OSV
added 2021/06/01 6:15 p.m.14 views

CVE-2021-32651

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The...

4.3CVSS7.2AI score
Exploits0References2
Veracode
Veracode
added 2021/04/29 12:5 p.m.29 views

Insecure Access Control

The team sync HTTP API in Grafana Enterprise has an insecure Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can b...

6.5CVSS1.1AI score0.0161EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2021/04/05 7:15 p.m.4 views

CVE-2021-24166

The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...

5.4CVSS5.8AI score0.00458EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/03/29 12:0 a.m.24 views

Grafana 7.4.0-beta1 < 7.4.5 Access Control Bypass Vulnerability

Grafana is prone to an access control bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.5CVSS7.6AI score0.01397EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/03/29 12:0 a.m.25 views

Grafana 6.1.0-beta1 - 7.4.3 Access Control Bypass Vulnerability

Grafana is prone to an access control bypass vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.5CVSS7.6AI score0.0161EPSS
Exploits0References1
NVD
NVD
added 2021/03/22 3:15 p.m.37 views

CVE-2021-28147

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...

6.5CVSS0.0161EPSS
Exploits0References8
Prion
Prion
added 2021/03/22 3:15 p.m.25 views

Design/Logic Flaw

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...

3.5CVSS6.3AI score0.0161EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2021/03/22 3:15 p.m.28 views

CVE-2021-28147

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...

6.5CVSS6.8AI score0.0161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/03/22 3:15 p.m.2 views

CVE-2021-28147

The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated...

6.5CVSS6.9AI score0.0161EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2021/03/22 2:0 p.m.59 views

CVE-2021-28146

The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team...

6.5CVSS6.9AI score0.01397EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/03/22 12:0 a.m.6 views

PT-2021-17773 · Grafana +2 · Grafana Enterprise +3

Name of the Vulnerable Software and Affected Versions: Grafana Enterprise versions 6.x through 6.7.5 Grafana Enterprise versions 7.x through 7.3.9 Grafana Enterprise versions 7.4.x through 7.4.4 Description: The team sync HTTP API in Grafana Enterprise presents an Incorrect Access Control issue. ...

10CVSS6.8AI score0.99888EPSS
Exploits47References98
PyPA
PyPA
added 2021/02/27 5:15 a.m.7 views

PYSEC-2021-50

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...

9.8CVSS7AI score0.72945EPSS
Exploits5References9Affected Software1
PyPA
PyPA
added 2021/02/27 5:15 a.m.6 views

PYSEC-2021-54

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions...

9.1CVSS7.1AI score0.05196EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder