
7 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-39369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS librar...

CVSS 8 | AI score 7.1 | EPSS 0.01064 | Exploits 0 | References 2
BDU FSTEC
added 2024/08/12 12:0 a.m. | 2 views

The vulnerability of the phpCAS::setUrl() function in the phpCAS authentication library allows an attacker to gain access to the user’s account.

The vulnerability of the phpCAS::setUrl function in the phpCAS authentication library relates to the use of HTTP headers to determine the URL address of the service used for ticket verification. This allows control over the host header and enables the use of a valid ticket for authentication in a...

CVSS 9 | AI score 6.8 | EPSS 0.01064 | Exploits 0 | References 4 | Affected Software 2
OSV
added 2022/11/01 5:15 p.m. | 1 view

DEBIAN-CVE-2022-39369

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a...

CVSS 8 | AI score 6.6 | EPSS 0.01064 | Exploits 0 | References 1
RedHat Linux
added 2021/06/17 11:35 a.m. | 1 view

curl: TLS 1.3 session ticket mix-up with HTTPS proxy host

A flaw was found in the way libcurl handled TLS 1.3 session tickets. A malicious HTTPS proxy could possibly use this flaw to make libcurl resume a TLS session it previously had with the proxy while intending to resume a TLS session with a target server, making it possible for the proxy to perform...

CVSS 4.3 | AI score 7.2 | EPSS 0.03141 | Exploits 1 | References 5
CNVD
added 2015/06/07 12:0 a.m. | 2 views

OpenSSL 'ssl3_get_new_session_ticket()' memory misreference vulnerability

OpenSSL is an open source SSL implementation used to implement strong encryption for network communications. A two-time memory misreference error vulnerability in OpenSSL ssl3_get_new_session_ticket allows a remote server to return a specially crafted NewSessionTicket message to connect to a...

CVSS 6.8 | AI score 6.9 | EPSS 0.15968 | Exploits 0 | References 1
OSV
added 2015/06/02 12:0 a.m. | 1 view

UBUNTU-CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 | AI score 7.2 | EPSS 0.15968 | Exploits 0 | References 4
UbuntuCve
added 2013/04/08 5:55 p.m. | 32 views

CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...

CVSS 4.4 | AI score 7 | EPSS 0.00378 | Exploits 0 | References 2