Lucene search
K

88 matches found

Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.7 views

PT-2024-22615 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions 19.4.0 through 23.5.0 Description: The issue is a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a redirect to query parameter with inadequate validation. Attacker...

6.1CVSS6.3AI score0.00419EPSS
Exploits0References8
OSV
OSV
added 2024/03/12 8:24 p.m.11 views

CVE-2024-28238 Session Token in URL in directus

Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places e.g., web server logs, browser history. Attackers...

2.3CVSS4.5AI score0.00245EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/24 12:0 a.m.6 views

Jenkins Plugin GitLab Branch Source Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.8AI score0.005EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/01/24 12:0 a.m.6 views

CVE-2023-43990

An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

7.1AI score0.00394EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.5 views

Jenkins Plugin Google Login Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS6.7AI score0.00676EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.7 views

CVE-2023-30530

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

7AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.5 views

PT-2023-19303 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 3.8.0 Description: The issue concerns the refresh token in vantage6, a privacy-preserving federated learning infrastructure, which is currently valid indefinitely. This is considered bad security practice. The refre...

8.8CVSS8.5AI score0.00571EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/02/25 12:55 a.m.9 views

CVE-2023-26032 ZoneMinder contains SQL injection via malicious Jason Web Token

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL...

8.9CVSS9.2AI score0.0062EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.7 views

PT-2023-19809 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.9.12 Description: Onedev is a self-hosted Git Server with CI/CD and Kanban. The algorithm used to generate access token and password reset keys was not cryptographically secure in versions prior to 7.9.12. Existing...

8.8CVSS8.7AI score0.00713EPSS
Exploits0References7
Code423n4
Code423n4
added 2022/10/12 12:0 a.m.9 views

USE SAFEERC20 (SAFEAPPROVE/SAFEMINT/SAFETRANSFERFROM) INSTEAD OF APPROVE/MINT/TRANSFER FROM

Lines of code Vulnerability details Impact The classic openzepplin implementation of the ERC20 standard ie. functions : Approve, Transfer, TransferFrom and mint does not capture the fact that some ERC20 token do not return a boolean value eg. BNB, USDT, OMG. As results, these functions won't work...

7.1AI score
Exploits0
OSV
OSV
added 2022/05/24 4:48 p.m.5 views

GHSA-RQG8-XJP2-PG9W LinOTP replay vulnerability with auto resynchronization enabled for TOTP token

LinOTP is prone to a replay attack with activated automatic resynchronization. This vulnerability may allow an attacker to successfully log in with OTP values recorded at a previous point in time. This attack is only possible if automatic resynchronization is enabled for the TOTP token type. The...

9.2CVSS7.9AI score0.01164EPSS
Exploits0References6
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.7 views

TokenHandler.setToken ERC20 missing return value check

Handle cmichel Vulnerability details Vulnerability Details The setToken function performs an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead. Impact Tokens that don't actually perform the approve and return...

6.9AI score
Exploits0
Prion
Prion
added 2021/06/16 12:15 p.m.18 views

Code injection

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, a...

1.9CVSS4.7AI score0.00522EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/05/25 5:10 p.m.67 views

CVE-2021-32638

CVE-2021-32638 concerns Github CodeQL runner/CodeQL Action used in non-GitHub CI environments, where a GitHub access token supplied via the --github-auth flag could be exposed to other processes through system output (e.g., ps). The issue is resolved by deprecating --github-auth and using secure ...

4.4CVSS4.9AI score0.004EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2021/05/17 12:0 a.m.5 views

Intelbras Router RF 301K 跨站请求伪造漏洞

The Intelbras Router RF 301K is a router from Intelbras in China. A cross-site request forgery vulnerability exists in Intelbras Router RF 301K Firmware 1.1.2, which stems from the lack of a security mechanism to protect tokens and insecure inputs and modules...

8.8CVSS7.7AI score0.02467EPSS
Exploits3References5
OSV
OSV
added 2021/04/14 8:4 p.m.25 views

GO-2020-0004 Authentication bypass in github.com/nanobox-io/golang-nanoauth

If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners. Also, a minor timing side channel was present allowing attackers with very low latency and able to make many requests to potentially recover the token...

9.1CVSS9.3AI score0.00811EPSS
Exploits0References2
CNVD
CNVD
added 2020/11/16 12:0 a.m.2 views

IBM Sterling File Gateway Sensitive Information Access Vulnerability

IBM Sterling File Gateway is a centralized management gateway product for file transfers from IBM USA. IBM Sterling File Gateway suffers from a sensitive information acquisition vulnerability that stems from a failure to set a security attribute on an authorization token or session cookie. An...

4.3CVSS6.3AI score0.00989EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/18 12:0 a.m.4 views

PT-2020-14623 · Gradle · Gradle Enterprise

Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions 2018.2 through 2020.2.4 Description: An issue was discovered where the CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. This allows an attacker with the ability to execute...

8.8CVSS8.7AI score0.02048EPSS
Exploits0References4
OSV
OSV
added 2020/08/26 7:15 p.m.2 views

CVE-2019-4688

IBM Security Guardium Data Encryption GDE 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

4.3CVSS5.9AI score
Exploits0References2
CNVD
CNVD
added 2018/08/08 12:0 a.m.2 views

IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability (CNVD-2018-24624)

IBM Security Identity Governance and Intelligence IGI is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Securi...

6.5CVSS6.1AI score0.01278EPSS
Exploits0References1
Rows per page
Query Builder