Lucene search
K

289 matches found

OSV
OSV
added 2024/02/29 1:40 a.m.2 views

CVE-2023-38372

An unauthorized attacker who has obtained an IBM Watson IoT Platform 1.0 security authentication token can use it to impersonate an authorized platform user. IBM X-Force ID: 261201...

7.5CVSS5.8AI score0.00643EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.7 views

PT-2024-12720 · Ibm · Ibm Watson Iot Platform

Name of the Vulnerable Software and Affected Versions: IBM Watson IoT Platform version 1.0 Description: An unauthorized attacker who has obtained an IBM Watson IoT Platform security authentication token can use it to impersonate an authorized platform user. Recommendations: For IBM Watson IoT...

7.5CVSS6.9AI score0.00643EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/25 8:12 a.m.7 views

curl: GSS delegation too eager connection re-use

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...

5.9CVSS7.1AI score0.01566EPSS
Exploits1References5
OSV
OSV
added 2024/01/15 4:15 p.m.3 views

CVE-2023-6066

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site...

4.3CVSS5.8AI score0.00386EPSS
Exploits2References1
OSV
OSV
added 2023/12/18 7:15 p.m.5 views

ALPINE-CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

5.5CVSS7AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2023/12/12 1:15 p.m.24 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

7.8CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2023/12/12 12:0 a.m.30 views

CVE-2020-12615

BeyondTrust Privilege Management for Windows (versions through 5.6) contains a local privilege escalation vulnerability: when the Add Admin token is added to a process and configured to run at medium integrity with the user owning the process, the token can be stolen and applied to arbitrary proc...

7.8CVSS7.6AI score0.00224EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/12 12:0 a.m.10 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

7.7AI score0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.36 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

7.7AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2023/12/11 10:15 p.m.3 views

CVE-2020-12613

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token prior to Avecto elevation. When Avecto elevates the process, it removes the user who is launching the process, but not the second...

8.8CVSS5.8AI score0.00774EPSS
Exploits0References2
NVD
NVD
added 2023/12/11 10:15 p.m.31 views

CVE-2020-12613

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token prior to Avecto elevation. When Avecto elevates the process, it removes the user who is launching the process, but not the second...

8.8CVSS0.00774EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/10/19 5:10 p.m.41 views

ydb-go-sdk token in custom credentials object can leak through logs

Impact Since ydb-go-sdk/v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf"something went wrong credentials: %q", credentials during connection to...

5.5CVSS5.9AI score0.00219EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/04/19 6:15 p.m.57 views

CVE-2023-30610

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

5.5CVSS5.5AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2023/04/19 5:18 p.m.66 views

CVE-2023-30610

The CVE affects aws-sigv4 in the AWS SDK for Rust: the SigningParams Debug output can expose a user’s AWS access key, secret key, and session token when TRACE-level logging is enabled, allowing credentials to appear in logs. Affected users should upgrade to fixed releases; patches are listed acro...

5.5CVSS5.4AI score0.00216EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/19 12:0 a.m.38 views

AWS SDK for Rust 日志信息泄露漏洞

Amazon AWS SDK for Rust is an AWS SDK for Rust from Amazon.com, USA. AWS SDK for Rust suffers from a log message disclosure vulnerability that originates from including a user's access key, secret key, and security token in plaintext...

5.5CVSS5.7AI score0.00216EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/04/13 1:2 p.m.4 views

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take...

6.7AI score
Exploits0
OSV
OSV
added 2023/02/28 11:20 p.m.86 views

GHSA-4W59-C3GC-RRHP vantage6 refresh tokens do not expire

From issue: Problem description Currently, the refresh token is valid indefinitely. This is bad security practice. Desired solution The refresh token should get a validity of 24-48 hours. Additional context When implementing this, also check that the refresh token returns a new refresh token When...

8.8CVSS8.6AI score0.00571EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.4 views

SUSE CVE-2018-20340

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is...

6.4CVSS7.5AI score0.00499EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-35230

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

4.6CVSS5.7AI score0.00714EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.3 views

JetBrains TeamCity 代码问题漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...

5.3CVSS5.8AI score0.00469EPSS
Exploits0References2
Rows per page
Query Builder