Lucene search
K

230 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:6 p.m.6 views

CVE-2019-3606

Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management NSM 9.1 9.1.7.75 Update 4 and 9.2 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands...

7.7CVSS6.4AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:17 p.m.17 views

CVE-2024-52297

Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2...

9.8CVSS6.7AI score0.00593EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:21 a.m.6 views

CVE-2024-31220

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...

7.3CVSS7.3AI score0.00491EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.10 views

Juniper Junos OS Authentication for Critical Function (CVE-2024-21619)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA76390 advisory. - A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper...

7.5CVSS7.4AI score0.00882EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/01/23 11:15 a.m.3 views

CVE-2025-0619

Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords...

4.9CVSS5.3AI score0.00408EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 2:15 p.m.23 views

CVE-2024-35277

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...

8.6CVSS0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.3 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server ABAP that originates from allowing an attacker to gain unauthorized access to system information, and an unauthenticated attacker can retrieve detailed...

5.3CVSS6.5AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.6 views

PT-2024-35163 · Tolgee · Tolgee

Name of the Vulnerable Software and Affected Versions: Tolgee version 3.81.1 Description: Tolgee is an open-source localization platform. The issue concerns the public exposure of all configuration properties in the PublicConfigurationDTO to users. Recommendations: For Tolgee version 3.81.1, upda...

9.8CVSS7.2AI score0.00593EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.7 views

PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap

Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP affected versions not specified Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...

5.7CVSS6.6AI score0.00221EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.5 views

Cisco ATA 190 操作系统命令注入漏洞

The Cisco ATA 190 is an analog phone adapter from Cisco. The Cisco ATA 190 suffers from an operating system command injection vulnerability that stems from a lack of authentication at a particular HTTP endpoint. An unauthenticated, remote attacker could use this vulnerability to view or delete th...

8.2CVSS7.6AI score0.00713EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/28 3:33 p.m.25 views

CVE-2024-35137 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413...

6.2CVSS6AI score0.00255EPSS
Exploits1References2
OSV
OSV
added 2024/04/08 1:15 p.m.3 views

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...

9.1CVSS5.8AI score0.00584EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.6 views

PT-2024-23310 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.5.0 Description: The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimate...

5.3CVSS6.6AI score0.16EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2024/02/12 10:46 a.m.4 views

Jenkins: Information disclosure through error stack traces related to agents

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

5.3CVSS7.3AI score0.00724EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.10 views

PT-2024-1427 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7 Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...

7.5CVSS7.5AI score0.00882EPSS
Exploits0References26
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.4 views

Selected Bentley Systems Products Security Vulnerabilities

Bentley Systems eB System Management Console is a system management console from Bentley Systems, USA. A security vulnerability exists in some Bentley Systems products that originated from allowing an unauthenticated attacker to view configuration options via a specially crafted request, which...

8.6CVSS6.4AI score0.00465EPSS
Exploits0References2
OSV
OSV
added 2023/12/18 10:15 p.m.7 views

CVE-2023-41967

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...

4.6CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/06 12:0 a.m.5 views

Red Hat Infinispan Security Vulnerability

Red Hat Infinispan is a suite of distributed caching and key-value NoSQL datastore software from Red Hat USA. A security vulnerability exists in Red Hat Infinispan that stems from returning credentials from a configuration in plaintext...

7.2CVSS5.1AI score0.00543EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.5 views

BVRP Software Avanquest Software SLmail Security Breach

BVRP Software Avanquest Software SLmail BVRP Software SLmail is an e-mail server solution from BVRP Software, France. A security vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433, which originates from the ability to retrieve credentials files, configuration files...

7.5CVSS6.7AI score0.00717EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/14 3:39 p.m.7 views

fwupd: world readable password in /etc/fwupd/redfish.conf

A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...

6.5CVSS5.8AI score0.00619EPSS
Exploits0References4
Rows per page
Query Builder