RHEL 9 : thunderbird (RHSA-2025:4512)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4512 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...
RHEL 9 : thunderbird (RHSA-2025:4229)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4229 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: User Interface UI Misrepresentation of attachmen...
CVE-2025-3838
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...
CVE-2025-3838 Improper Authorization in the installer for the EOL OVA based connect component
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...
CVE-2025-3838
CVE-2025-3838 affects the EOL OVA based connect component used for installation in internal networks. The issue is improper authorization that could let an attacker access the local database containing weakly hashed installer credentials. CVSS 4.0 data indicate A: Adjacent, AC: High, PR: None, UI...
PT-2025-17431 · Unknown · Eol Ova Based Connect
Name of the Vulnerable Software and Affected Versions: EOL OVA based connect component affected versions not specified Description: An Improper Authorization issue was identified in the EOL OVA based connect component, which could allow unauthorized access to the local database containing weakly...
Pulse Secure VPN Arbitrary File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary File Disclosure', 'Description' = %q This module exploits a pre-auth directory traversal in the Pulse Secure VPN serve...
CVE-2023-29062
CVE-2023-29062 describes a vulnerability in the OS hosting BD FACSChorus where user credentials may be transmitted as NTLMv2 hashes via LLMNR, NBT-NS, or MDNS, if the identity of requested resources is not adequately validated. Affected products are BD FACSChorus software and workstations (versio...
BD FACSChorus Security Breach
BD FACSChorus is a multichannel flow cytometry system from Bidi Medical BD. A security vulnerability exists in the BD FACSChorus that stems from being configured to allow the transmission of hashed user credentials based on a user action without fully verifying the identity of the requested...
CVE-2023-32709
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against th...
Command injection
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against th...
CVE-2023-32709
Summary (CVE-2023-32709) : Affects Splunk Enterprise <9.0.5, <8.2.11, <8.1.14 and Splunk Cloud Platform
Cisco Unified Intelligence Center Vulnerabilities (cisco-sa-cuic-infodisc-ssrf-84ZBmwVk)
The version of Cisco Unified Intelligence Center installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-cuic-infodisc-ssrf-84ZBmwVk advisory: - A vulnerability in the web-based management interface of Cisco...
GHSA-P2JH-44QJ-PF2V Exfiltration of hashed SMB credentials on Windows via file:// redirect
Impact When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as file://some.website.com/, then in some cases, Windows wil...
CVE-2022-36077 Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecti...
CVE-2022-1066
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials...
CVE-2022-27494
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials...
CVE-2022-1070
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials...