283 matches found
CVE-2022-45937
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, TALON TC Compact BACnet All versions V3.5.5, TALON TC...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
CVE-2024-43086
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
ASB-A-343440463
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2024-7962
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...
PYSEC-2024-112
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...
CVE-2024-7962
The CVE-2024-7962 issue affects gaizhenbiao/chuanhuchatgpt version 20240628, described as an arbitrary file read vulnerability caused by insufficient validation when loading prompt template files. An attacker can read files via an absolute path if the target file meets criteria (not ending in .js...
CVE-2024-7962 Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except f...
Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
CVE-2024-42024
A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed...
PT-2024-41075 · Ооо 'Нпо Мир' · Конфигуратор Контроллеров Мир +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to the storage of unencrypted account credentials. Exploitation of this issue could allow an attacker to disclose protected information. Recommendations: At the moment,...
CVE-2024-25031 IBM Storage Defender information disclosure
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678...
YAQL: OpenStack Murano Component Information Leakage
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...
CVE-2024-23251
An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...
CVE-2023-43842
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request...
CVE-2024-21990
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...
CVE-2024-21990 Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials...
Information Disclosure
yaql is vulnerable to Information Disclosure. The vulnerability is due to improper handling of attribute access in the YAQL library's 'format' function, allowing unauthorized users to access sensitive information, including service account credentials...
IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2024-07607)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
WCMultiShipping < 2.3.8 - Subscriber+ Arbitrary Account Credentials Test
Description The plugin does not have proper capability check on its wmschronoposttestcredentialsajax function, allowing any authenticate duets, such as with subscriber, to test account credentials...