424 matches found
A vulnerability in the IBM Storage Fusion HCI hyper-converged infrastructure, related to the use of hard-coded authentication data, allows an intruder to gain unauthorized access to protected information.
The vulnerability in the IBM Storage Fusion HCI hyper-converged infrastructure is related to the use of hard-coded credentials. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
A vulnerability in the Netcat CMS, related to cross-site request forgery, allows an attacker to set arbitrary values for authentication data and execute arbitrary code.
The vulnerability in the Netcat CMS is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to set arbitrary values for authentication data to access the 1C data import module and execute arbitrary code...
rpm-ostree: world-readable /etc/shadow file
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...
tine security vulnerability
tine is a team collaboration software from tine, Inc. A security vulnerability exists in versions of tine prior to 2023.11.8, which stems from a vulnerability that allows remote attackers to obtain sensitive authentication information via setup.php...
A vulnerability in the AVerCaster video encoding device, related to the transmission of authentication information in cleartext, allows an intruder to gain unauthorized access to protected information.
The vulnerability in the AVerCaster video encoding device lies in the transmission of authentication information in cleartext. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
CVE-2024-2905
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication da...
CVE-2024-2905
CVE-2024-2905 affects rpm-ostree where default builds expose a world-readable /etc/shadow. Multiple Nessus advisories (RHEL 9, AlmaLinux 9, Oracle Linux 9, MiracleLinux, Fedora) reference the issue and indicate patches/backports to a fixed rpm-ostree release (e.g., versions >= 2024.4-3 or rela...
A vulnerability in the Windows Telephony Server allows attackers to elevate their privileges.
The vulnerability in the Windows Telephony Server for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system's memory. Exploiting this vulnerability can allow an attacker to elevate their privileges...
PT-2024-4622 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows an attacker to elevate their privileges...
openEuler security vulnerability
openEuler is an operating system from the OpenAtom Foundation. A security vulnerability exists in openEuler rpm-ostree, which stems from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access...
PT-2024-5018 · Unknown +2 · Rpm-Ostree +2
Name of the Vulnerable Software and Affected Versions: rpm-ostree (affected versions not specified). Description: A security issue has been found in rpm-ostree, related to the /etc/shadow file having the world-readable bit enabled in default builds. This is due to default permissions being set highe...
PT-2024-3911 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS (affected versions not specified). Description: The issue is related to a cross-site request forgery (CSRF) vulnerability. It allows a remote attacker to exploit the vulnerability, potentially enabling them to set arbitrary authenticati...
A vulnerability in the Microsoft Message Queuing (MSMQ) service on Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the Microsoft Message Queuing (MSMQ) service on Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system's memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Bosch Nexo cordless nutrunner security vulnerability
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows an authenticated, remote attacker to read or update arbitrary content in the...
CVE-2023-5879
Users' product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 and below on Android devices. This allows an attacker with access to the Android device to potentially retrieve users' clear text authentication...
CVE-2023-40610
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...
CVE-2023-40610 Apache Superset: Privilege escalation with default examples database
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL stateme...