5908 matches found

CVE (added 2024/09/11 9:53 a.m., 59 views)

CVE-2024-45327

FortiSOAR is affected by an improper authorization vulnerability (CWE-285) in the change password endpoint, enabling an authenticated attacker to perform brute force attacks on user and administrator passwords. Affected FortiSOAR versions are 7.0.0–7.0.3, 7.2.0–7.2.2, 7.3.0–7.3.2, and 7.4.0–7.4.3...

CVSS 7.5, AI score 6.9, EPSS 0.0034
Exploits 0, References 1, Affected Software 1
Vulnrichment (added 2024/09/11 9:53 a.m., 12 views)

CVE-2024-45327

An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...

CVSS 7.5, AI score 6.9, EPSS 0.0034
Exploits 0, References 1
Veracode (added 2024/09/11 8:49 a.m., 5 views)

Denial Of Service (DoS)

Keycloak is vulnerable to a Denial of Service DoS. The vulnerability is due to a lack of limits on the number of attributes per object, allowing an attacker to send repeated HTTP requests that cause resource exhaustion when the application returns rows with long attribute values...

CVSS 7.5, AI score 6.5, EPSS 0.00736
Exploits 0, References 3, Affected Software 1
Github Security Blog (added 2024/09/10 6:30 p.m., 32 views)

Keycloak Denial of Service vulnerability

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with...

CVSS 7.5, AI score 6.2, EPSS 0.00736
Exploits 0, References 6, Affected Software 1
OSV (added 2024/09/10 6:30 p.m., 17 views)

GHSA-W97F-W3HQ-36G2 Keycloak Denial of Service vulnerability

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with...

CVSS 7.1, AI score 7.1, EPSS 0.00736
Exploits 0, References 6
OSV (added 2024/09/10 5:15 p.m., 10 views)

CVE-2023-6841

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values...

CVSS 7.5, AI score 6.6, EPSS 0.00736
Exploits 0, References 2
Prion (added 2024/09/10 5:15 p.m., 11 views)

CVE-2023-6841

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values...

CVSS 7.5, EPSS 0.00736
Exploits 0, References 2
RedhatCVE (added 2024/09/10 4:13 p.m., 18 views)

CVE-2023-6841

A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. Mitigation This CVE is mitigated by the...

CVSS 7.5, AI score 7.3, EPSS 0.00736
Exploits 0, References 3
NVD (added 2024/09/10 3:15 p.m., 20 views)

CVE-2024-21753

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...

CVSS 6, EPSS 0.00741
Exploits 0, References 1
Cvelist (added 2024/09/10 2:37 p.m., 22 views)

CVE-2024-21753

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...

CVSS 5.5, EPSS 0.00741
Exploits 0, References 1
Vulnrichment (added 2024/09/10 2:37 p.m., 27 views)

CVE-2024-21753

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8, 1.2.1 through 1.2.5 allows attacker to perform a denial of service, read or...

CVSS 5.5, AI score 6.9, EPSS 0.00741
Exploits 0, References 1
OpenVAS (added 2024/09/05 12:00 a.m., 16 views)

Ubuntu: Security Advisory (USN-6988-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3, AI score 6.6, EPSS 0.01109
Exploits 0, References 2
NVD (added 2024/09/04 5:15 p.m., 10 views)

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...

CVSS 8.1, EPSS 0.00648
Exploits 2, References 3
Vulnrichment (added 2024/09/04 4:28 p.m., 36 views)

CVE-2024-20440

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

CVSS 7.5, AI score 7.5, EPSS 0.51466
Exploits 0, References 1
Cvelist (added 2024/09/04 12:00 a.m., 7 views)

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...

EPSS 0.00648
Exploits 2, References 2
Vulnrichment (added 2024/09/04 12:00 a.m., 12 views)

CVE-2024-45170

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...

AI score 7.2, EPSS 0.00648
Exploits 2, References 2
CVE (added 2024/09/04 12:00 a.m., 47 views)

CVE-2024-45170

CVE-2024-45170 affects za-internet C-MOR Video Surveillance 5.2401. The issue is improper or missing access control: low-privileged users can invoke administrative functions via the web interface by sending HTTP requests, because server-side checks are absent though the UI restricts the features....

CVSS 8.1, AI score 7.2, EPSS 0.00648
Exploits 2, References 3, Affected Software 1
Packet Storm (added 2024/09/01 12:00 a.m., 144 views)

ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal', 'Description' = %q This module exploits a directory traversal vulnerabili...

AI score 7.4
Exploits 0
Packet Storm (added 2024/08/31 12:00 a.m., 248 views)

SAP Solution Manager Remote Unauthorized OS Commands Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Solution Manager remote unauthorized OS commands execution', 'License' = MSF_LICENSE, 'Author' = 'Yvan Genuer', @1ggy The researcher who...

CVSS 10, AI score 7.2, EPSS 0.98376
Exploits 7
Packet Storm (added 2024/08/31 12:00 a.m., 147 views)

FortiOS Path Traversal Credential Gatherer

frozen_string_literal: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiOS Path Traversal Credential Gatherer', 'Description' = %q Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6...

AI score 7.4
Exploits 0