Lucene search
+L

38 matches found

OSV
OSV
added 2024/08/14 5:15 p.m.7 views

CVE-2024-5916

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to...

4.4CVSS5.8AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/14 4:41 p.m.33 views

CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to...

6CVSS6.3AI score0.00249EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2024/08/14 4:0 p.m.23 views

PAN-OS: Cleartext Exposure of External System Secrets

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to...

6CVSS6.2AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/14 12:0 a.m.5 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which stems from the presence of an information disclosure vulnerability that allows a local system administrator to...

6CVSS4.6AI score0.00249EPSS
Exploits0References3
Qualys Blog
Qualys Blog
added 2024/02/05 11:33 p.m.19 views

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management CSAM can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

6.8AI score
Exploits0
Redos
Redos
added 2023/04/18 12:0 a.m.24 views

ROS-20230418-04

A vulnerability in the pki-core public key infrastructure deployment management system is related to insufficient validation of user-entered XML data, which could be passed by specially created XML code to a vulnerable application and view the contents of arbitrary files on the system or initiate...

7.5CVSS7.7AI score0.85323EPSS
Exploits3
NVD
NVD
added 2022/05/19 6:15 p.m.13 views

CVE-2020-16235

Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained...

6.5CVSS0.00097EPSS
Exploits0References1
CVE
CVE
added 2022/05/19 5:23 p.m.53 views

CVE-2020-16235

CVE-2020-16235 affects Emerson OpenEnterprise (all versions through 3.3.5). The issue is inadequate encryption (CWE-326) that could allow credentials used by OpenEnterprise to access field devices and external systems to be obtained. Exploitation is described as local (not remote) with low attack...

6.5CVSS5.3AI score0.00097EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/18 5:46 p.m.35 views

XML external entity (XXE) injection in Apache Nutch

An XML external entity XXE injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions 1.18. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. ...

9.1CVSS4.8AI score0.04359EPSS
Exploits0References8Affected Software1
CNVD
CNVD
added 2022/03/08 12:0 a.m.28 views

Apache Any23 code issue vulnerability

Apache Any23 is a library, Web service, and command-line tool from the Apache Foundation, USA. It can extract structured data in RDF format from a variety of Web documents.Any23 versions prior to 2.7 contain a code issue vulnerability that could be exploited by an attacker to interfere with an...

9.1CVSS3.5AI score0.02814EPSS
Exploits0References1
OSV
OSV
added 2021/09/11 11:15 a.m.17 views

CVE-2021-38555

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

9.1CVSS9.2AI score
Exploits0References1
Prion
Prion
added 2021/09/11 11:15 a.m.21 views

Xxe

An XML external entity XXE injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of...

6.4CVSS9.1AI score0.02752EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/02/16 4:15 a.m.6 views

CVE-2021-27233

An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue...

4.9CVSS5.8AI score0.00511EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/02/16 4:15 a.m.2 views

CVE-2021-27233

An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue...

4.9CVSS5.2AI score0.00511EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/02/16 3:44 a.m.23 views

CVE-2021-27233

An issue was discovered in Mutare Voice EVM 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue...

5.5AI score0.00511EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2020/09/23 11:6 p.m.43 views

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...

6.8AI score
Exploits0
OSV
OSV
added 2017/04/20 8:59 p.m.6 views

CVE-2017-5158

An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specified...

9.8CVSS5.8AI score0.02419EPSS
Exploits0References3
Citrix
Citrix
added 2017/04/17 12:0 a.m.10 views

XenMobile Rest API

XenMobile provides an extensive REST API that can be leveraged to extract data and provide it for business needs. This feature provides customers with the facility of calling XenMobile services using REST API. Instead of using XenMobile console, customers can call exposed services by using any RE...

7.1AI score
Exploits0
Rows per page
Query Builder