Lucene search
+L

84 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.9 views

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

9.8CVSS7.2AI score0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-0477

Malware in sbrugna...

5CVSS6.4AI score0.02005EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-9694

Malware in sbrugna...

9.3CVSS7.8AI score0.01342EPSS
Exploits0References3
Wallarm Lab
Wallarm Lab
added 2025/07/17 11:0 a.m.8 views

Fail-Open Architecture for Secure Inline Protection on Azure

Every inline deployment introduces a tradeoff: enhanced inspection versus increased risk of downtime. Inline protection is important, especially for APIs, which are now the most targeted attack surface, but so is consistent uptime and performance. This is where a fail-open architecture comes in...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.14 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

6.5CVSS7.3AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:31 a.m.10 views

CVE-2013-3280

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash...

7.5CVSS7AI score0.0228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/11 3:14 a.m.9 views

CVE-2025-32028

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS6.9AI score0.01838EPSS
Exploits1References1
NVD
NVD
added 2025/04/08 4:15 p.m.19 views

CVE-2025-32028

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9CVSS0.01838EPSS
Exploits1References1
NVD
NVD
added 2024/09/25 5:15 p.m.33 views

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

6.5CVSS0.00417EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 10:53 a.m.33 views

BIT-CONSUL-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.3AI score0.0174EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.8 views

PT-2023-9658 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Cisco UTD Snort IPS Engine could allow an unauthenticated, remote...

6.5CVSS7.3AI score0.00417EPSS
Exploits0References8
OSV
OSV
added 2023/11/07 8:15 p.m.2 views

DEBIAN-CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

6.5CVSS6.7AI score0.01151EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/11/07 7:14 p.m.89 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0
CNVD
CNVD
added 2023/06/30 12:0 a.m.27 views

Cisco Duo Authentication Error Vulnerability

Cisco Duo is a fully managed solution from Cisco, Inc. Provides secure access to your applications and data. An authentication error vulnerability exists in Cisco Duo Two-Factor Authentication, which arises from incorrectly handling responses from Cisco Duo when the application is configured to...

6.6CVSS6.6AI score0.00293EPSS
Exploits0References1
OSV
OSV
added 2023/06/28 3:15 p.m.5 views

CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...

6.6CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/21 4:0 p.m.5 views

CVE-2023-20199

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configur...

6.6CVSS6.7AI score0.00293EPSS
Exploits0References2
OSV
OSV
added 2021/07/17 6:15 p.m.21 views

CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.4AI score
Exploits0References4
OSV
OSV
added 2021/07/17 6:15 p.m.6 views

UBUNTU-CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.1AI score0.0174EPSS
Exploits0References5
Prion
Prion
added 2021/07/17 6:15 p.m.28 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

5CVSS7.3AI score0.0174EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2021/07/17 6:15 p.m.23 views

CVE-2021-36213

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...

7.5CVSS7.1AI score0.0174EPSS
Exploits0References4
Rows per page
Query Builder