Lucene search
+L

187 matches found

cvelist
cvelist
added 2023/04/28 12:0 a.m.23 views

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...

9.7AI score0.00621EPSS
Exploits0References1
cve
cve
added 2023/01/26 8:37 p.m.56 views

CVE-2023-0451

CVE-2023-0451 affects Econolite EOS; EOS versions prior to 3.2.23 lack a password requirement for READONLY access to log files and certain databases/configuration files. Affected files reportedly contain MD5-hashed credentials and usernames for all defined users (including admins/techs), reflecti...

7.5CVSS7.4AI score0.00825EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/01/12 6:15 a.m.3 views

DEBIAN-CVE-2022-47927

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...

5.5CVSS5AI score0.00269EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/11/15 12:0 a.m.7 views

Apache Archiva 安全漏洞

Apache Archiva is a suite of software from the Apache USA Foundation for managing one or more remote repositories. The software provides features such as remote Repository agents, role-based secure access management, and usage reporting. A security vulnerability exists in Apache Archiva versions...

7.5CVSS7.3AI score0.01192EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2022/11/10 9:31 p.m.16 views

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

6.2CVSS7AI score0.00952EPSS
Exploits0References1
cvelist
cvelist
added 2022/11/10 9:31 p.m.26 views

CVE-2022-41607 ETIC Telecom Remote Access Server Path Traversal

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

6.2CVSS7.7AI score0.00952EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/11/03 7:6 p.m.2 views

CVE-2022-41607

All versions of ETIC Telecom Remote Access Server RAS 4.5.0 and prior’s application programmable interface API is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords,...

7.5CVSS5.8AI score0.00952EPSS
Exploits0References2
githubexploit
githubexploit
added 2022/06/04 4:46 p.m.466 views

Exploit for Path Traversal in Wso2 Api_Manager

Better CVE-2022-29464 Certain WSO2 products allow unrestricte...

10CVSS10AI score0.99999EPSS
Exploits22
github
github
added 2022/02/24 12:8 p.m.25 views

b2-sdk-python TOCTOU application key disclosure

Impact Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. SDK users of the SqliteAccountInfo format are vulnerable while users...

4.7CVSS1.1AI score0.00217EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2022/02/23 11:15 p.m.46 views

CVE-2022-23651

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS0.00217EPSS
Exploits0References3
osv
osv
added 2022/02/23 11:15 p.m.28 views

PYSEC-2022-33

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS1.5AI score0.00217EPSS
Exploits0References3
cvelist
cvelist
added 2022/02/23 10:50 p.m.52 views

CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS4.6AI score0.00217EPSS
Exploits0References3
zdi
zdi
added 2021/11/11 12:0 a.m.48 views

Microsoft Access ACCDB File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS7.5AI score0.03537EPSS
Exploits0References1
nvd
nvd
added 2021/09/23 8:15 a.m.17 views

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS0.50563EPSS
Exploits0References4
osv
osv
added 2021/09/23 8:15 a.m.23 views

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS7.3AI score
Exploits0References4
cvelist
cvelist
added 2021/09/23 8:10 a.m.31 views

CVE-2021-33035 Buffer overflow from a crafted DBF file

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

8AI score0.50563EPSS
Exploits0References4
debiancve
debiancve
added 2021/09/23 8:10 a.m.47 views

CVE-2021-33035

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the...

7.8CVSS7.8AI score0.50563EPSS
Exploits0
osv
osv
added 2021/05/26 8:15 p.m.5 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.7CVSS5.8AI score0.00166EPSS
Exploits0References1
cve
cve
added 2021/05/26 7:20 p.m.63 views

CVE-2021-22741

CVE-2021-22741 affects Schneider Electric ClearSCADA and EcoStruxure Geo SCADA Expert (2019 all versions; 2020 up to v83.7742.1). The issue is a Password Hash with Insufficient Computational Effort, which could allow an attacker with access to server database files to decrypt or reveal user crede...

6.7CVSS6.6AI score0.00166EPSS
Exploits0References1Affected Software3
cvelist
cvelist
added 2021/05/26 7:20 p.m.32 views

CVE-2021-22741

Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA all versions, EcoStruxure Geo SCADA Expert 2019 all versions, and EcoStruxure Geo SCADA Expert 2020 V83.7742.1 and prior, which could cause the revealing of account credentials when server database file...

6.8AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder