545 matches found

Positive Technologies
added 2024/09/30 12:0 a.m. · 4 views

PT-2024-39023 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models (affected versions not specified). Description: The issue concerns the use of an insecure hashing function to hash user passwords without salting. Remote attackers with administrator privileges can read...

CVSS 4.9 · AI score 6.8 · EPSS 0.00301
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/20 12:0 a.m. · 4 views

PT-2024-10395 · Unknown · Mxview One

Name of the Vulnerable Software and Affected Versions: MXview One (affected versions not specified). Description: The issue allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure...

CVSS 6.5 · AI score 6.8 · EPSS 0.00554
Exploits: 0 · References: 11

Metasploit
added 2024/07/03 7:54 p.m. · 245 views

Azure CLI Credentials Gatherer

This module will collect the Azure CLI 2.0+ az cli settings files for all users on a given target. These configuration files contain JWT tokens used to authenticate users and other subscription information. Once tokens are stolen from one host, they can be used to impersonate the user from a...

AI score 7
Exploits: 0

RedHat Linux
added 2024/07/02 3:40 p.m. · 4 views

c-ares: Out of bounds read in ares__read_line()

A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 5

Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-33090 · Edito Cms · Edito Cms

Name of the Vulnerable Software and Affected Versions: Edito CMS versions 3.5 through 3.25. Description: The issue allows unauthenticated users to download configuration files, leading to sensitive data leakage. The problem was resolved in releases dated from January 10th, 2014. Recommendations: F...

CVSS 7.5 · AI score 7.2 · EPSS 0.02629
Exploits: 0 · References: 5

RedHat Linux
added 2024/06/11 7:37 p.m. · 4 views

c-ares: Out of bounds read in ares__read_line()

A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 5

Veracode
added 2024/05/27 3:34 a.m. · 16 views

Server-Side Request Forgery (SSRF)

vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to the /Upgrade/FixConfig route, which allows remote attackers to overwrite local configuration files...

CVSS 9.1 · AI score 6.9 · EPSS 0.00681
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/05/15 6:4 p.m. · 19 views

CVE-2024-3182

Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files...

CVSS 6.5 · AI score 6.6 · EPSS 0.00162
Exploits: 0 · References: 1

RedHat Linux
added 2024/05/15 11:35 a.m. · 4 views

c-ares: Out of bounds read in ares__read_line()

A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/15 12:0 a.m. · 5 views

PT-2024-24227 · Tibco · Tibco Hawk

Name of the Vulnerable Software and Affected Versions: TIBCO Hawk versions 6.2.0 through 6.2.3. Description: The issue allows a user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files due to an install-type password disclosure...

CVSS 6.5 · AI score 7 · EPSS 0.00162
Exploits: 0 · References: 3

Tenable Nessus
added 2024/04/29 12:0 a.m. · 20 views

Fedora 40 : libeconf (2023-52b5309835)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-52b5309835 advisory. Automatic update for libeconf-0.5.2-1.fc40. Changelog Mon Aug 28 2023 Iker Pedrosa - 0.5.2-1 - Update to 0.5.2 RH1980774 - Fix CVE-2023-22652...

CVSS 6.5 · AI score 7 · EPSS 0.00636
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/19 12:0 a.m. · 19 views

CVE-2024-31587

SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request...

AI score 6.9 · EPSS 0.00218
Exploits: 0 · References: 1

Amazon
added 2024/03/21 12:0 a.m. · 8 views

Medium: c-ares

Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

CVSS 5.5 · AI score 6.6 · EPSS 0.00349
Exploits: 0

Amazon
added 2024/03/18 12:0 a.m. · 4 views

Medium: c-ares

Issue Overview: c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

CVSS 5.5 · AI score 6.7 · EPSS 0.00349
Exploits: 0

OSV
added 2024/03/05 12:15 p.m. · 5 views

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVSS 5.3 · AI score 5.8 · EPSS 0.00487
Exploits: 0 · References: 1

OSV
added 2024/02/23 3:15 p.m. · 5 views

AZL-34463 CVE-2024-25629 affecting package python-gevent for versions less than 21.1.2-3

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1

OSV
added 2024/02/23 3:15 p.m. · 7 views

AZL-34578 CVE-2024-25629 affecting package c-ares for versions less than 1.30.0-1

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1

OSV
added 2024/02/23 3:15 p.m. · 8 views

AZL-43501 CVE-2024-25629 affecting package python-pycares 3.1.1-3

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1

OSV
added 2024/02/23 3:15 p.m. · 4 views

AZL-34462 CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1

OSV
added 2024/02/23 3:15 p.m. · 4 views

AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1

c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

CVSS 5.5 · AI score 6.8 · EPSS 0.00349
Exploits: 0 · References: 1