Lucene search

7691 matches found

CVE
added 2021/07/20 10:43 p.m. | 74 views

CVE-2021-2358

CVE-2021-2358 affects Oracle Fusion Middleware Oracle Access Manager (Rest interfaces for Access Mgr), with affected version 11.1.2.3.0. Post-authentication impact: a high-privilege attacker who can reach Oracle Access Manager over HTTPS can gain unauthorized access to confidential data or data a...

CVSS 4.9 | AI score 5.1 | EPSS 0.01586
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/07/20 10:43 p.m. | 25 views

CVE-2021-2358

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Rest interfaces for Access Mgr. The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Acces...

CVSS 4.9 | AI score 6 | EPSS 0.01586
Exploits: 0 | References: 1

OSV
added 2021/07/19 3:15 p.m. | 4 views

CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...

CVSS 7.5 | AI score 7.2 | EPSS 0.02962
Exploits: 0 | References: 1

NVD
added 2021/07/19 3:15 p.m. | 11 views

CVE-2021-20109

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 7.5 | EPSS 0.01378
Exploits: 0 | References: 1

NVD
added 2021/07/19 3:15 p.m. | 43 views

CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

CVSS 10 | EPSS 0.07376
Exploits: 0 | References: 1

NVD
added 2021/07/19 3:15 p.m. | 16 views

CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...

CVSS 7.5 | EPSS 0.02962
Exploits: 0 | References: 1

OSV
added 2021/07/19 3:15 p.m. | 3 views

CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

CVSS 9.8 | AI score 7.9 | EPSS 0.07376
Exploits: 0 | References: 1

Prion
added 2021/07/19 3:15 p.m. | 13 views

Memory corruption

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...

CVSS 5 | AI score 7.7 | EPSS 0.02962
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/07/19 3:15 p.m. | 21 views

Design/Logic Flaw

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...

CVSS 5 | AI score 7.7 | EPSS 0.01378
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/07/19 3:15 p.m. | 1 views

UBUNTU-CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

CVSS 9.8 | AI score 7.9 | EPSS 0.07376
Exploits: 0 | References: 3

Prion
added 2021/07/19 3:15 p.m. | 24 views

Integer overflow

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

CVSS 10 | AI score 9.7 | EPSS 0.07376
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/07/19 2:48 p.m. | 62 views

CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

AI score 10 | EPSS 0.07376
Exploits: 0 | References: 1

CVE
added 2021/07/19 2:48 p.m. | 59 views

CVE-2021-20110

CVE-2021-20110 affects Manage Engine AssetExplorer Agent 1.0.34. According to the provided sources, the agent does not validate HTTPS certificates, enabling an attacker on the network to spoof the Asset Explorer server IP and send a NEWSCAN to a listening agent, potentially obtaining the agent’s ...

CVSS 10 | AI score 9.7 | EPSS 0.07376
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/07/19 2:34 p.m. | 45 views

CVE-2021-20108

CVE-2021-20108 affects Manage Engine Asset Explorer Agent 1.0.34. The agent listens on TCP port 9000 for HTTPS commands from the Manage Engine Server, but uses unverified HTTPS certificates, allowing arbitrary users on the network to send commands. Although authtoken validation may prevent comman...

CVSS 7.5 | AI score 7.7 | EPSS 0.02962
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/07/19 2:24 p.m. | 59 views

CVE-2021-20109

CVE-2021-20109 affects Zoho ManageEngine AssetExplorer: an Asset Explorer agent that does not validate HTTPS certificates allows a network attacker to spoof the server IP and issue NEWSCAN requests, potentially triggering the agent to reveal its HTTP requests and tokens. The root cause is a heap ...

CVSS 7.5 | AI score 7.7 | EPSS 0.01378
Exploits: 0 | References: 1 | Affected Software: 1

Malwarebytes
added 2021/07/19 9:43 a.m. | 58 views

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination; Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either; Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday; Is crypto’s criminal rollercoaster...

AI score 7.3
Exploits: 0

CNVD
added 2021/07/16 12:0 a.m. | 13 views

Unspecified vulnerability in Ypsomed mylife App (CNVD-2021-69617)

Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed has a security vulnerability that reflects...

CVSS 7.1 | AI score 0.2 | EPSS 0.0081
Exploits: 0 | References: 1

CNNVD
added 2021/07/16 12:0 a.m. | 9 views

Medialize URI.js input validation error vulnerability

Medialize URI.js is a JavaScript code library from the Medialize team that can be used to efficiently stitch URLs. Medialize URI.js is vulnerable to an input validation error that results from a new URI that fails to properly parse https:///, which leads to the system user being directed to...

CVSS 6.1 | AI score 5.6 | EPSS 0.0091
Exploits: 1 | References: 5

OSV
added 2021/07/15 12:0 a.m. | 1 views

UBUNTU-CVE-2021-29974

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security which implies that the error should not be override-able. This issue did not...

CVSS 4.3 | AI score 6.1 | EPSS 0.0084
Exploits: 0 | References: 4

Tenable Nessus
added 2021/07/14 12:0 a.m. | 191 views

FreeBSD : go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (c365536d-e3cf-11eb-9d8d-b37b683944c2)

The Go project reports: crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...

CVSS 6.5 | AI score 6.8 | EPSS 0.07032
Exploits: 1 | References: 3