Lucene search
+L

173 matches found

bdu_fstec
bdu_fstec
added 2024/04/02 12:0 a.m.5 views

The vulnerability of the util-linux package on Linux operating systems allows a hacker to gain unauthorized access to passwords or modify the user’s swap space.

The vulnerability of the util-linux package on Linux operating systems is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to passwords or modify the user’s swap file by using the wall command with...

8.4CVSS6.7AI score0.02242EPSS
Exploits3References17Affected Software7
nvd
nvd
added 2024/02/21 5:15 p.m.8 views

CVE-2024-26133

EventStoreDB ESDB is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affecte...

5.5CVSS5.4AI score0.00615EPSS
Exploits0References6
osv
osv
added 2023/12/14 2:15 p.m.2 views

CVE-2023-45182

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM...

6.5CVSS5.8AI score0.00634EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/12/12 12:0 a.m.8 views

PT-2023-14813 · Siemens · Simatic Step 7 +2

Name of the Vulnerable Software and Affected Versions: SIMATIC STEP 7 TIA Portal versions prior to V19 Description: An information disclosure issue could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs when entered by a legitimate user in...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/04/27 12:0 a.m.12 views

Zyxel DX5401-B0 安全漏洞

The Zyxel DX5401-B0 is a wireless enhancement device from China's Hopkins Zyxel. A security vulnerability exists in the Zyxel DX5401-B0 V5.17ABYO.1C0 firmware version, which originates from the exposure of sensitive information in CGI ExportLog and binary zcmd. An attacker can exploit this...

7.5CVSS7.8AI score0.57778EPSS
Exploits2References3
vulnrichment
vulnrichment
added 2022/10/24 12:0 a.m.4 views

CVE-2022-41986

Information disclosure vulnerability in Android App 'IIJ SmartKey' versions prior to 2.1.4 allows an attacker to obtain a one-time password issued by the product under certain conditions...

7.2AI score0.00608EPSS
Exploits0References2
ubuntu
ubuntu
added 2022/10/06 1:28 p.m.62 views

USN-5661-1: LibreOffice vulnerabilities

It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. CVE-2022-26305 It was discovered that Libreoffice incorrectly handled encryptin...

8.8CVSS7.9AI score0.01139EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2022/09/21 12:0 a.m.8 views

The vulnerability of the Mozilla Firefox browser for iOS, related to insufficient protection of registration data, allows a hacker to gain access to user passwords for the current domain.

The vulnerability of the Mozilla Firefox browser for iOS is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to gain access to user passwords for the current domain...

7.8CVSS6.5AI score0.00845EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2022/06/28 12:0 a.m.39 views

RHEL 7 : 389-ds-base (RHSA-2022:5239)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5239 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...

7.5CVSS7AI score0.05914EPSS
Exploits3References9
cnnvd
cnnvd
added 2022/06/08 12:0 a.m.4 views

Verbatim Keypad Secure USB Drive 安全漏洞

The Verbatim Keypad Secure USB Drive is a hardware encrypted USB flash drive from the Chinese company Verbatim. A security vulnerability exists in the Verbatim Keypad Secure USB Drive, which arises from an insecure design and can be exploited by an attacker to brute-force break a password offline...

5.5CVSS5.8AI score0.00428EPSS
Exploits1References12
cnnvd
cnnvd
added 2022/03/08 12:0 a.m.5 views

Siemens RUGGEDCOM 加密问题漏洞

RUGGEDCOM ROS-based devices are typically switches and serial-to-Ethernet devices used to connect equipment that operates in harsh environments, such as electric utility substations and traffic control cabinets. An information disclosure vulnerability exists in Siemens RUGGEDCOM Devices, which ca...

6.7CVSS5.6AI score0.00372EPSS
Exploits0References8
ncsc
ncsc
added 2021/11/15 12:0 a.m.3 views

Vulnerabilities fixed in GNU Mailman

The developers of GNU Mailman have fixed two vulnerabilities fixed in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...

6.5CVSS6.7AI score0.01284EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2021/10/22 12:0 a.m.7 views

The vulnerability of the Synergia operating system, related to weaknesses in password policies, allows attackers to obtain user passwords by force.

The vulnerability of the Synergia operating system is related to weaknesses in the password policy. Exploiting this vulnerability could allow a perpetrator to obtain user passwords by force...

4.9CVSS5.5AI score
Exploits0
osv
osv
added 2021/08/24 7:15 p.m.2 views

CVE-2021-30948

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication...

4.6CVSS5.8AI score0.00301EPSS
Exploits0References1
nvd
nvd
added 2021/06/25 2:15 p.m.25 views

CVE-2021-33895

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...

8.1CVSS0.00905EPSS
Exploits0References2
prion
prion
added 2021/06/25 2:15 p.m.15 views

Default credentials

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...

6.8CVSS8.1AI score0.00905EPSS
Exploits0References2Affected Software2
cve
cve
added 2021/06/25 12:0 a.m.58 views

CVE-2021-33895

The CVE-2021-33895 issue affects ETINET BACKBOX, specifically E4.09 (22SEP2020) and H4.09 (T0954V04^AAO). The flaw is improper password access control: when a user logs into the Backbox UI using the User ID of the process running BBSV, the system procedure USER_AUTHENTICATE_ used for password ver...

8.1CVSS8.1AI score0.00905EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/06/25 12:0 a.m.29 views

CVE-2021-33895

ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USERAUTHENTICATE used for verifying the Password returns 0 no error. The reason is that the user is not running...

8.4AI score0.00905EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2021/06/09 12:0 a.m.8 views

The vulnerability of the ajaxhelper.php component of the Nagios Fusion software, which is used for visualizing the operational status of IT infrastructure, allows a hacker to gain access to user passwords.

The vulnerability of the ajaxhelper.php component of the Nagios Fusion software, which is used for visualizing the operational status of IT infrastructure, relates to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to ga...

7.8CVSS6.8AI score0.02724EPSS
Exploits1References4Affected Software1
bdu_fstec
bdu_fstec
added 2021/06/02 12:0 a.m.9 views

The vulnerability of the programmable logic controller Modicon TSX TWIDO, related to the absence of a mechanism to protect operational data, allows a intruder to obtain the project password.

The vulnerability of the embedded software of the programmable logic controller Modicon TSX TWIDO is related to the absence of a mechanism for protecting operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain the project password...

5.3CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder