Lucene search
K

106 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 5:2 p.m.22 views

Security Bulletin: Multiple vulnerabilities found in IBM QRadar SIEM and QRadar Risk Manager (CVE-2014-4832, CVE-2014-4831, CVE-2014-4829, CVE-2014-4829, CVE-2014-6075)

Summary There are multiple security vulnerabilities in various components used by IBM QRadar in versions 7.1 MR2 and 7.2.3. Vulnerability Details CVEID: CVE-2014-4832 Description: A vulnerability in the IBM QRadar Risk Manager application could allow a remote attacker to obtain sensitive...

6.8CVSS5.7AI score0.01173EPSS
Exploits0Affected Software3
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.3 views

PT-2022-17140 · Jenkins · Jenkins Checkmarx Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.1.2 and earlier Description: The issue is related to missing permission checks in the Jenkins Checkmarx Plugin, allowing attackers with Overall/Read permission to connect to an attacker-specified webserv...

6.5CVSS6AI score0.00742EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/12/28 2:51 a.m.5 views

Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems

Overview Multi-function printers MFP and printing systems provided by KONICA MINOLTA, INC. contain multiple vulnerabilities listed below. Incorrect authorization CWE-863 - CVE-2021-20868 Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2021-20869 Improper handling of...

6.8CVSS7.2AI score0.00532EPSS
Exploits0References16
Veracode
Veracode
added 2021/06/17 7:56 a.m.26 views

Privilege Escalation

ansible-tower is vulnerable to privilege escalation. The vulnerability exists due to application credentials exposed to playbook job runs via environment variables...

7.2CVSS3.7AI score0.0129EPSS
Exploits0References6Affected Software1
Huntr
Huntr
added 2021/05/18 8:58 a.m.17 views

in cythron/gcp

✍️ Description Hard-Coded User Credentials are exposed in the docker file. 🕵️‍♂️ Proof of Concept https://github.com/cythron/gcp/blob/master/%23DockerfileL20 💥 Impact Attacker is capable of login using given credentials...

0.9AI score
Exploits0
CNNVD
CNNVD
added 2021/05/10 12:0 a.m.5 views

IBM OpenPages with Watson 跨站脚本漏洞

OpenPages with Watson is an AI-powered financial risk analytics solution. The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring, analyzing, and managing risk data through a number ...

5.4CVSS5.5AI score0.00495EPSS
Exploits0References4
Hacker One
Hacker One
added 2020/10/31 1:2 p.m.22 views

Mail.ru: Exposed Credentials May Leads to Tarantool Infrastructure Leak

Application configuration data related to Tarantool project was leaked on github.com...

2.6AI score
Exploits0
OSV
OSV
added 2020/09/18 6:15 p.m.5 views

CVE-2020-7945

Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...

5.5CVSS6.1AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/08/20 12:35 p.m.24 views

CVE-2019-20150

In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's...

6.5AI score0.00914EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/08/17 12:0 a.m.41 views

Joomla! 2.5.x < 3.9.20 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.20. It is, therefore, affected by multiple vulnerabilities. - A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability. - Missing validation...

6.8CVSS5.1AI score0.03185EPSS
Exploits0References13
Prion
Prion
added 2019/11/05 3:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

4.3CVSS7.3AI score0.00698EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/07/08 12:0 a.m.4 views

The vulnerability of the /cgi/loginDefaultUser component of the CGI HTTP-server interface of the IDAL user interface design tool PB610 Panel Builder 600 (SAP500900R0101) allows a attacker to escalate their privileges.

The vulnerability of the /cgi/loginDefaultUser component of the CGI HTTP-server interface of the IDAL user interface design tool, PB610 Panel Builder 600 SAP500900R0101, is related to authentication process errors. Exploiting this vulnerability allows an attacker to escalate their privileges by...

8.8CVSS5.4AI score0.0526EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2019/02/20 12:0 a.m.5 views

PT-2019-11322 · Jenkins · Jenkins Cloud Foundry Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cloud Foundry Plugin versions 2.3.1 and earlier Description: A sensitive information exposure issue exists, allowing attackers with Overall/Read access to connect to a specified URL using attacker-specified credentials IDs, potentiall...

8.8CVSS8.5AI score0.01348EPSS
Exploits0References7
OSV
OSV
added 2018/12/12 3:52 p.m.30 views

GHSA-WWW2-V7XJ-XRC6 Exposure of Sensitive Information to an Unauthorized Actor in urllib3

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

9.8CVSS7.3AI score0.04488EPSS
Exploits0References19
CNVD
CNVD
added 2018/09/21 12:0 a.m.3 views

Elastic Cloud Enterprise (ECE) Information Disclosure Vulnerability

Elastic Cloud Enterprise ECE is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. An information disclosure vulnerability exists in Elastic Cloud Enterprise ECE, which can be exploited by an attacker to obtain...

7.5CVSS7.2AI score0.00513EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/12 12:0 a.m.5 views

Apache LDAP API Information Disclosure Vulnerability

Apache LDAP API is a U.S. Apache Apache Software Foundation API for accessing LDAP servers. A security vulnerability exists in Apache LDAP API versions prior to 1.0.2. An attacker can exploit the vulnerability to disclose information including: credentials contained in a request...

9.8CVSS9.1AI score0.0531EPSS
Exploits0References1
Prion
Prion
added 2018/02/19 10:29 p.m.11 views

Design/Logic Flaw

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...

5CVSS9.3AI score0.72272EPSS
Exploits4References5Affected Software1
CNVD
CNVD
added 2017/12/26 12:0 a.m.9 views

Genexis Automatic Provisioning System Access Control Vulnerability

The Genexis Automatic Provisioning System GAPS is a system for automatic configuration of routers and networks from the Dutch company GENEXIS. An access control vulnerability exists in GAPS 7.2 and earlier versions. An attacker can exploit this vulnerability to obtain configured setup information...

9.8CVSS6.5AI score0.01186EPSS
Exploits2References1
Prion
Prion
added 2017/11/28 7:29 a.m.16 views

Design/Logic Flaw

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...

2.1CVSS8AI score0.0037EPSS
Exploits1References2Affected Software1
Krebs on Security
Krebs on Security
added 2017/09/12 10:2 p.m.37 views

Ayuda! (Help!) Equifax Has My Data!

Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may n...

6.6AI score
Exploits0
Rows per page
Query Builder