Lucene search
K

64 matches found

BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.7 views

The vulnerability of the OpenSearch software package, related to incorrect authorization, allows a perpetrator to introduce incorrect access authorization.

The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules document level security, field level security, and field masking. These rules were incorrectly applied to queries under rare execution conditions. Exploiting this vulnerability c...

5.9CVSS6.3AI score0.0046EPSS
Exploits0References4Affected Software3
Wired Threat Level
Wired Threat Level
added 2023/05/11 11:0 a.m.15 views

A Republican-Led Lawsuit Threatens Critical US Cyber Protections

Three states are suing to block security rules for water facilities. If they win, it may open the floodgates for challenges to other cyber rules...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/10/18 6:30 p.m.123 views

Apache Commons Text vulnerability CVE-2022-42889

Updated Oct. 19, 2022 CVE-2022-42889 was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution RCE in Apache Commons Text. It affects version numbers 1.5-1.9, and an upgrade to Apache Commons Text 1.10.0 disables the problem by default...

1.4AI score0.99931EPSS
Exploits41
Imperva Blog
Imperva Blog
added 2022/08/10 4:55 p.m.60 views

What we know about VMWare CVE-2022–31656 and CVE-2022–31659

Takeaways: VMWare Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server. Imperva Threat Research has seen a sharp rise in attacks since a POC was published on August 9, mostly...

2.6AI score0.18285EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/17 3:11 a.m.31 views

Symfony Incorrect Access Control

FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security...

4.3CVSS6.9AI score0.08269EPSS
Exploits0References11Affected Software2
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/11/18 12:2 p.m.22 views

What is a firewall ❓ Everything you need to know about

In the tech world, a firewall is a wellbeing network framework that screens and controls moving ever closer affiliation traffic dependent upon destined security rules. A firewall ordinarily draws up a line between a confided in affiliation and an untrusted affiliation, like the Internet.‍ What is...

7.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/11/16 11:33 a.m.20 views

Why I Hate Password Rules

The other day, I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used Password Safe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q Which was rejected by the site, because it didnt meet its password...

7AI score
Exploits0
Kitploit
Kitploit
added 2021/05/27 12:30 p.m.81 views

FireStorePwn - Firestore Database Vulnerability Scanner Using APKs

fsp scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. Install fsp sudo wget...

7.5AI score
Exploits0References1
Citrix
Citrix
added 2021/03/23 12:0 a.m.8 views

Intermittently Users Are Unable to Access Start Menu After Citrix Workspace Environment Management Application Security Rules Are Applied

Start menu is intermittently inaccessible after applying default/custom rules...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2021/03/09 3:24 a.m.43 views

U.S. Dept Of Defense: HTTP Request Smuggling

hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...

7.4AI score
Exploits0
OSV
OSV
added 2020/10/06 6:15 p.m.5 views

CVE-2019-4326

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...

7.5CVSS7.1AI score0.01071EPSS
Exploits0References1
NVD
NVD
added 2020/10/06 6:15 p.m.20 views

CVE-2019-4326

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...

7.5CVSS0.01071EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/06 5:22 p.m.18 views

CVE-2019-4326

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."...

7.7AI score0.01071EPSS
Exploits0References1
NVD
NVD
added 2020/06/10 6:15 p.m.31 views

CVE-2020-2033

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...

5.3CVSS0.00761EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/10 5:29 p.m.27 views

CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...

5.3CVSS5.1AI score0.00761EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/01/22 3:1 p.m.81 views

Microsoft Leaves 250M Customer Service Records Open to the Web

UPDATE Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams...

7AI score
Exploits0References8
Hacker One
Hacker One
added 2020/01/18 10:11 p.m.75 views

Stripo Inc: HTTP Request Smuggling on my.stripo.email

Summary: HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different lengths by different servers, an attacker can poison the back-end TCP/TLS socket and prepend...

0.2AI score
Exploits0
Veeam
Veeam
added 2019/08/13 12:0 a.m.20 views

Veeam Backup & Replication Fails to Connect to Linux Servers Due to Firewall Configuration

Challenge Veeam Backup & Replication may fail to connect to some Linux servers depending on their firewall configuration. For example, distributions based on Debian, SLES, or RHEL have default firewall configurations that may block necessary connections. Cause Linux OS firewall configuration and/...

6.6AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2019/07/23 6:25 p.m.15 views

Defining Wallarm API-specific Rules

Automatically Detect + Parse and Set Your Own Rules A unique Wallarm AI feature is its ability to automatically detect and parse complicated API protocols and then set up security rules based on specific data or parameters deep inside the API. Once parsed, the system creates the rules-based both ...

1.1AI score
Exploits0
OpenVAS
OpenVAS
added 2019/07/03 12:0 a.m.14 views

Windows Defender Firewall: Private Profile: Apply local connection security rules

The policy determines whether the local connection rules are merged with GP settings when connected to a private network. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of t...

7AI score
Exploits0
Rows per page
Query Builder