173 matches found
Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2023-37412, CVE-2023-37398, CVE-2023-37413, CVE-2023-35907)
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.11 Vulnerability Details CVEID:CVE-2023-37412 DESCRIPTION: IBM Aspera Faspex could allow a privileged user to make system changes without proper access controls. CWE:CWE-284:...
CVE-2025-24245
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...
CVE-2025-24245
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...
CVE-2025-24245
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...
CVE-2025-24245
CVE-2025-24245 affects macOS Sequoia 15.4. The issue is addressed by adding a delay between verification code attempts, preventing rapid guessing during verification. A malicious app may be able to access a user’s saved passwords if exploitation occurs before patch deployment. Apple’s advisory fo...
CVE-2025-24245
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...
CVE-2024-52968
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password...
CVE-2024-52968
Summary of CVE-2024-52968 (Fortinet FortiClientMac) : Fortinet FortiClientMac versions 7.0.11 through 7.2.4 suffer from an improper authentication vulnerability that allows an attacker to gain improper (unauthorized) access to macOS via an empty password. This is a local impact with high confiden...
CVE-2022-40602
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00ABLG.6C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator...
CVE-2020-16231
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...
CVE-2025-24858
Develocity formerly Gradle Enterprise before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection...
CVE-2025-20620
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page...
CVE-2024-45691 Moodle: lesson activity password bypass through php loose comparison
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values...
The vulnerability in the web interface for managing microprogramming software in Cisco Analog Telephone Adapter (ATA) Series 190 devices allows a perpetrator to view the passwords of arbitrary users.
The vulnerability in the web interface for managing microprogrammed software devices of Cisco Analog Telephone Adapter ATA series 190 involves the storage of passwords in a recoverable format. Exploiting this vulnerability allows an attacker to view the passwords of arbitrary users...
CVE-2024-25661
In Infinera TNMS Transcend Network Management System 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application...
The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer allows a hacker to gain unauthorized access to passwords and increase their privileges.
The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer is related to insufficient protection for registration data. Exploiting this vulnerability can allow attackers to obtain unauthorized access to passwords and increase their...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
PT-2024-26104 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Scheduling affected versions not specified Description: The issue allows an authenticated attacker with administrator access on the local server to access the password of a local account. Thi...
CVE-2024-32969
vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...
CVE-2024-32238
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface...