Lucene search
+L

173 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:40 a.m.27 views

Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2023-37412, CVE-2023-37398, CVE-2023-37413, CVE-2023-35907)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.11 Vulnerability Details CVEID:CVE-2023-37412 DESCRIPTION: IBM Aspera Faspex could allow a privileged user to make system changes without proper access controls. CWE:CWE-284:...

9.8CVSS5.5AI score0.00314EPSS
Exploits0Affected Software6
RedhatCVE
RedhatCVE
added 2025/04/02 11:57 p.m.7 views

CVE-2025-24245

This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...

9.8CVSS6.8AI score0.00614EPSS
Exploits0References1
NVD
NVD
added 2025/03/31 11:15 p.m.7 views

CVE-2025-24245

This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...

9.8CVSS0.00614EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/31 10:23 p.m.15 views

CVE-2025-24245

This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...

0.00614EPSS
Exploits0References1
CVE
CVE
added 2025/03/31 10:23 p.m.65 views

CVE-2025-24245

CVE-2025-24245 affects macOS Sequoia 15.4. The issue is addressed by adding a delay between verification code attempts, preventing rapid guessing during verification. A malicious app may be able to access a user’s saved passwords if exploitation occurs before patch deployment. Apple’s advisory fo...

9.8CVSS6.4AI score0.00614EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 10:23 p.m.7 views

CVE-2025-24245

This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords...

6.7AI score0.00614EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/11 4:9 p.m.8 views

CVE-2024-52968

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password...

6.7CVSS6.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/02/11 4:9 p.m.87 views

CVE-2024-52968

Summary of CVE-2024-52968 (Fortinet FortiClientMac) : Fortinet FortiClientMac versions 7.0.11 through 7.2.4 suffer from an improper authentication vulnerability that allows an attacker to gain improper (unauthorized) access to macOS via an empty password. This is a local impact with high confiden...

8.4CVSS6.8AI score0.00231EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:47 p.m.6 views

CVE-2022-40602

A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00ABLG.6C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator...

9.8CVSS6.8AI score0.01017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:31 p.m.10 views

CVE-2020-16231

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life...

8.8CVSS7AI score0.00824EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/26 12:0 a.m.29 views

CVE-2025-24858

Develocity formerly Gradle Enterprise before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection...

8.3CVSS0.00455EPSS
Exploits0References1
NVD
NVD
added 2025/01/14 10:15 a.m.10 views

CVE-2025-20620

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page...

7.5CVSS0.00392EPSS
Exploits0References2
OSV
OSV
added 2024/11/20 10:25 a.m.7 views

CVE-2024-45691 Moodle: lesson activity password bypass through php loose comparison

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values...

5.4CVSS6.1AI score0.00403EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/10/29 12:0 a.m.6 views

The vulnerability in the web interface for managing microprogramming software in Cisco Analog Telephone Adapter (ATA) Series 190 devices allows a perpetrator to view the passwords of arbitrary users.

The vulnerability in the web interface for managing microprogrammed software devices of Cisco Analog Telephone Adapter ATA series 190 involves the storage of passwords in a recoverable format. Exploiting this vulnerability allows an attacker to view the passwords of arbitrary users...

5.5CVSS5.5AI score0.00157EPSS
Exploits0References3Affected Software3
Vulnrichment
Vulnrichment
added 2024/10/01 12:0 a.m.12 views

CVE-2024-25661

In Infinera TNMS Transcend Network Management System 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords by reading memory dumps of the desktop application...

6.4AI score0.00125EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/05 12:0 a.m.6 views

The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer allows a hacker to gain unauthorized access to passwords and increase their privileges.

The vulnerability of the web server used by the monitoring and network traffic analysis software in SINEC Traffic Analyzer is related to insufficient protection for registration data. Exploiting this vulnerability can allow attackers to obtain unauthorized access to passwords and increase their...

6.3CVSS7.2AI score0.00147EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/06/11 3:15 a.m.25 views

CVE-2024-34684

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

6CVSS0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.12 views

PT-2024-26104 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Scheduling affected versions not specified Description: The issue allows an authenticated attacker with administrator access on the local server to access the password of a local account. Thi...

6CVSS6.8AI score0.00143EPSS
Exploits0References4
NVD
NVD
added 2024/05/23 9:15 a.m.35 views

CVE-2024-32969

vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and...

2.7CVSS3.5AI score0.00316EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.69 views

CVE-2024-32238

H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface...

7AI score0.53229EPSS
Exploits0References2
Rows per page
Query Builder