82 matches found

IBM Security Bulletins
added 2024/07/19 9:48 p.m. | 25 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insecure credentials submission in the RHEL UBI (CVE-2023-35789)

Summary: RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-35789. Vulnerability Details: CVEID: CVE-2023-35789 DESCRIPTION: RabbitMQ C AMQP client library aka rabbitmq-c could allow a...

5.5 CVSS | 5.4 AI score | 0.00214 EPSS
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2024/06/07 5:19 p.m. | 15 views

TYPO3 Security Misconfiguration for Backend User Accounts

When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...

7.3 AI score
Exploits: 0 | References: 5 | Affected Software: 1

OpenVAS
added 2024/02/28 12:00 a.m. | 14 views

SUSE: Security Advisory (SUSE-SU-2023:2823-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS | 5.4 AI score | 0.00214 EPSS
Exploits: 0 | References: 4

Github Security Blog
added 2024/01/29 3:30 p.m. | 25 views

Apache Kylin has Insufficiently Protected Credentials

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

7.5 CVSS | 6.9 AI score | 0.01149 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Oracle linux
added 2023/11/17 12:00 a.m. | 24 views

librabbitmq security update

0.9.0-4 - Resolves: 2215765, insecure credentials submission...

5.5 CVSS | 5.6 AI score | 0.00214 EPSS
Exploits: 0

RedHat Linux
added 2023/11/14 3:21 p.m. | 7 views

rabbitmq-c/librabbitmq: Insecure credentials submission

A flaw was found in librabbitmq. This issue occurs because credentials can only be entered on the command line (for example, for amqp-publish or amqp-consume) and are visible to local attackers by listing a process and its arguments...

5.5 CVSS | 5.7 AI score | 0.00214 EPSS
Exploits: 0 | References: 4

Oracle linux
added 2023/11/11 12:00 a.m. | 17 views

librabbitmq security update

0.11.0-7 - add missing gating.yaml - fix rpminspect issue Related: 2215766 0.11.0-6 - Resolves: 2215766, insecure credentials submission...

5.5 CVSS | 5.6 AI score | 0.00214 EPSS
Exploits: 0

OSV
added 2023/07/14 8:44 a.m. | 5 views

SUSE-SU-2023:2823-1 Security update for rabbitmq-c

This update for rabbitmq-c fixes the following issues: - CVE-2023-35789: Fixed insecure credentials submission (bsc#1212499)...

5.5 CVSS | 5.4 AI score | 0.00214 EPSS
Exploits: 0 | References: 3

NVD
added 2023/04/27 10:15 a.m. | 25 views

CVE-2023-1778

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or exposed SSH port thereby...

10 CVSS | 9.9 AI score | 0.01128 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:00 a.m. | 4 views

SUSE CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

6.5 CVSS | 7.8 AI score | 0.01203 EPSS
Exploits: 0 | References: 4

OSV
added 2022/12/19 3:15 p.m. | 3 views

CVE-2022-4612

A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...

6.5 CVSS | 4.8 AI score | 0.00853 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2022/08/31 3:33 p.m. | 7 views

CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission

AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and log in as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...

7.5 CVSS | 6.7 AI score | 0.00441 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/29 12:00 a.m. | 2 views

CVE-2022-33169

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888...

6.5 CVSS | 5.8 AI score | 0.00509 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/10/13 12:00 a.m. | 6 views

The vulnerability of the Moxa MXView network control software, related to the insecure transmission of credentials, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Moxa MXView network control software is related to the insecure transmission of credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS | 7.6 AI score | 0.01699 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2021/07/06 12:00 a.m. | 6 views

Philips Vue PACS Security Vulnerability

Philips Vue PACS is an image management solution from Philips Europe. Philips Vue PACS suffers from a security vulnerability that arises from the product's use of insecure methods for transmitting or storing authentication credentials that are susceptible to unauthorized interception or retrieval...

7.5 CVSS | 8.4 AI score | 0.00861 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2021/06/08 12:00 a.m. | 6 views

PT-2021-11241 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...

7.5 CVSS | 7.5 AI score | 0.00514 EPSS
Exploits: 1 | References: 4

CNVD
added 2021/02/19 12:00 a.m. | 5 views

IBM Maximo for Civil Infrastructure Information Disclosure Vulnerability

IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. An information disclosure vulnerability exists in IB...

6.5 CVSS | 6.2 AI score | 0.01139 EPSS
Exploits: 0 | References: 1

CNNVD
added 2020/12/08 12:00 a.m. | 7 views

General Electric Healthcare Imaging and General Electric Healthcare Ultrasound Security Vulnerabilities

General Electric Healthcare Imaging and General Electric Healthcare Ultrasound are both products of General Electric, Inc. General Electric Healthcare Imaging is a medical imaging device. General Electric Healthcare Ultrasound is a medical sonography device. GE Imaging and Ultrasound Products have...

9.8 CVSS | 7.3 AI score | 0.01137 EPSS
Exploits: 0 | References: 3

Hacker One
added 2020/12/07 3:22 a.m. | 14 views

U.S. Dept Of Defense: Insecure ███████ credentials on staging app at ████ leads to application takeover

Summary: A ██████████ application called "████" has an old endpoint that accepts insecure/test ████████ credentials despite being a publicly-accessible IP. This endpoint also provides the ability to view information that may be FOUO, to exfiltrate information on registered personnel or contractor...

0.8 AI score
Exploits: 0

OSV
added 2020/09/25 6:15 a.m. | 4 views

CVE-2020-26105

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)...

9.8 CVSS | 7.3 AI score | 0.01419 EPSS
Exploits: 0 | References: 1