Lucene search
K

64 matches found

Github Security Blog
Github Security Blog
added 2026/03/27 5:21 p.m.11 views

Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8CVSS6AI score0.00347EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2026/03/27 12:16 a.m.7 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8CVSS5.9AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-21265

Malware in sbrugna...

7.5CVSS7.5AI score0.02351EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-0110

Malware in sbrugna...

6.8CVSS6.2AI score0.02896EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-4398

Malware in sbrugna...

2.6CVSS6.4AI score0.01155EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 9:2 p.m.20 views

CVE-2022-46829

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...

8.8CVSS6.8AI score0.00428EPSS
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.9 views

Error: "SR BACKEND FAILURE 181" in XenServer

After installation or upgrade to XenServer 6.0, user experiences issues with any storage related operations. The following error message appears: “SRBACKENDFAILURE181 Error In metadata Volume Operation For SR.” The following entries appears in the log /var/log/SMlog file: Error code:...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.5 views

Mio Security Breach

Mio is the Metal I/O library for Rust. A security vulnerability exists in Mio versions v0.7.2 through prior to v0.8.11, which stems from the return of invalid tokens under certain circumstances, potentially leading to reuse after release...

9.1CVSS6.8AI score0.00889EPSS
Exploits0References5
OSV
OSV
added 2024/02/29 2:15 a.m.4 views

CVE-2023-38367

IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

6.5CVSS5.8AI score0.00341EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/29 2:13 a.m.21 views

CVE-2023-38367 IBM Cloud Pak for Automation authentication bypass

IBM Cloud Pak Foundational Services Identity Provider idP API IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows CRUD Operations with an invalid token. This could allow an unauthenticated attacker ...

6.5CVSS6.6AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.12 views

PT-2024-12715 · Ibm · Ibm Cloud Pak Foundational Services Identity Provider

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak Foundational Services Identity Provider idP API versions 18.0.0 through 22.0.2 Description: The issue allows an unauthenticated attacker to perform CRUD operations using an invalid token, potentially enabling them to view, updat...

6.5CVSS6.5AI score0.00341EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/02/27 3:54 a.m.6 views

SUSE CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.1CVSS6.8AI score0.78388EPSS
Exploits0References3
OSV
OSV
added 2024/02/23 2:15 p.m.11 views

UBUNTU-CVE-2024-26594

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the error if it is invalid...

7.1CVSS6.2AI score0.78388EPSS
Exploits0References21
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.6 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that stems from the fact that if a client sends an invalid mechanical token in a session setup request, ksmbd validates it a...

7.1CVSS7.8AI score0.78388EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/01/14 12:0 a.m.14 views

PT-2024-2003 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel ksmbd affected versions not specified Description: The issue is related to the incorrect handling of authentication tokens in the smb2 sess setup function within the Linux kernel's ksmbd server. This can potentially allow an...

9.1CVSS6.7AI score0.78388EPSS
Exploits20References982
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.8 views

Deposit will always revert when depositing ETH if one of the GeVault tokens is not WETH

Lines of code Vulnerability details Impact When a user deposits funds, the deposit function requires an argument namely, the address of the token with which to fund the transaction. If the GeVault has two tokens of for example: USDC/DAI. Line 251 expects the function argument to be the address of...

6.6AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/06/13 7:0 a.m.5 views

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.

...

7.5CVSS7.2AI score0.01172EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/06/05 6:30 a.m.18 views

xml-rs vulnerable to denial of service via invalid token in XML document

The xml-rs crate = 0.8.9 and 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document...

7.5CVSS7.1AI score0.01172EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/05 4:15 a.m.27 views

CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...

7.5CVSS7.1AI score0.01172EPSS
Exploits1References5
OSV
OSV
added 2023/06/05 4:15 a.m.1 views

UBUNTU-CVE-2023-34411

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...

7.5CVSS5.8AI score0.01172EPSS
Exploits1References6
Rows per page
Query Builder