Lucene search
K

34 matches found

Prion
Prion
added 2023/12/07 8:15 p.m.16 views

Design/Logic Flaw

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service...

5CVSS7.3AI score0.00827EPSS
Exploits0References2Affected Software10
VulnCheck KEV
VulnCheck KEV
added 2023/12/04 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.5CVSS7.1AI score0.03888EPSS
Exploits4References1
Cvelist
Cvelist
added 2023/04/12 12:0 a.m.20 views

CVE-2023-22620

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface...

7.7AI score0.03888EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.2 views

SUSE CVE-2010-0283

The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service assertion failure and daemon crash via an invalid 1 AS-REQ or 2 TGS-REQ request...

7.8CVSS6.9AI score0.02429EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

6.8CVSS10AI score0.21646EPSS
Exploits1References6
OSV
OSV
added 2021/12/13 2:15 a.m.3 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5.3CVSS6.1AI score0.23141EPSS
Exploits4References2
Prion
Prion
added 2020/02/12 2:15 p.m.17 views

Design/Logic Flaw

The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...

4.3CVSS7.2AI score0.01361EPSS
Exploits4References2
Prion
Prion
added 2020/02/12 2:15 p.m.15 views

Design/Logic Flaw

The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue...

4.3CVSS7.2AI score0.00373EPSS
Exploits4References2
Cvelist
Cvelist
added 2019/04/17 1:31 p.m.33 views

CVE-2019-9496 An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...

6.5AI score0.05224EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2019/04/11 10:49 p.m.33 views

CVE-2019-9496

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...

7.5CVSS2.8AI score0.05224EPSS
Exploits0References5
NVD
NVD
added 2017/01/30 9:59 p.m.33 views

CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...

7.5CVSS6.4AI score0.11887EPSS
Exploits0References29
ATTACKERKB
ATTACKERKB
added 2017/01/30 9:59 p.m.1 views

CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...

7.5CVSS5.6AI score0.11887EPSS
Exploits0References31
OSV
OSV
added 2017/01/30 9:59 p.m.1 views

DEBIAN-CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...

7.5CVSS7.6AI score0.11887EPSS
Exploits0References1
OSV
OSV
added 2017/01/30 9:59 p.m.7 views

CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service client-server association tear down by sending broadcast packets with invalid authentication to a broadcast client...

7.5CVSS7.5AI score0.11887EPSS
Exploits0References30
Rows per page
Query Builder