Security Bulletin: IBM Storage Ceph is vulnerable to Insecure credentials submission in the RHEL UBI (CVE-2023-35789)
Summary: RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI (CVE-2023-35789). Vulnerability Details: CVEID: CVE-2023-35789. DESCRIPTION: RabbitMQ C AMQP client library aka rabbitmq-c could allow a...
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in orde...
SUSE: Security Advisory (SUSE-SU-2023:2823-1)
The remote host is missing an update for the...
Apache Kylin has Insufficiently Protected Credentials
In Apache Kylin versions 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
librabbitmq security update
0.9.0-4 - Resolves: 2215765, insecure credentials submission...
rabbitmq-c/librabbitmq: Insecure credentials submission
A flaw was found in librabbitmq. This issue occurs because credentials can only be entered on the command line (for example, for amqp-publish or amqp-consume) and are visible to local attackers by listing a process and its arguments...
librabbitmq security update
0.11.0-7 - add missing gating.yaml - fix rpminspect issue - Related: 2215766; 0.11.0-6 - Resolves: 2215766, insecure credentials submission...
SUSE-SU-2023:2823-1 Security update for rabbitmq-c
This update for rabbitmq-c fixes the following issues: - CVE-2023-35789: Fixed insecure credentials submission (bsc#1212499)...
CVE-2023-1778
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or exposed SSH port thereby...
SUSE CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
CVE-2022-4612
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
CVE-2022-2005 AutomationDirect C-more EA9 HMI Cleartext Transmission
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and log in as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73;...
CVE-2022-33169
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888...
The vulnerability of the Moxa MXView network control software, related to the insecure transmission of credentials, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Moxa MXView network control software is related to the insecure transmission of credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Philips Vue PACS Security Vulnerability
Philips Vue PACS is an image management solution from Philips Europe. Philips Vue PACS suffers from a security vulnerability that arises from the product's use of insecure methods for transmitting or storing authentication credentials that are susceptible to unauthorized interception or retrieval...
PT-2021-11241 · Intland · Codebeamer Alm
Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...
IBM Maximo for Civil Infrastructure Information Disclosure Vulnerability
IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. An information disclosure vulnerability exists in IB...
General Electric Healthcare Imaging and General Electric Healthcare Ultrasound Security Vulnerabilities
General Electric Healthcare Imaging and General Electric Healthcare Ultrasound are both products of General Electric, Inc. General Electric Healthcare Imaging is a medical imaging device. General Electric Healthcare Ultrasound is a medical sonography device. GE Imaging and Ultrasound Products have...
U.S. Dept Of Defense: Insecure ███████ credentials on staging app at ████ leads to application takeover
Summary: A ██████████ application called "████" has an old endpoint that accepts insecure/test ████████ credentials despite being a publicly-accessible IP. This endpoint also provides the ability to view information that may be FOUO, to exfiltrate information on registered personnel or contractor...
CVE-2020-26105
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)...