1755 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-0246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...
Linux Distros Unpatched Vulnerability : CVE-2009-4269
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...
Linux Distros Unpatched Vulnerability : CVE-2017-15423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) b...
Linux Distros Unpatched Vulnerability : CVE-2024-7701
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects...
Linux Distros Unpatched Vulnerability : CVE-2014-9970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jasypt before 1.9.2 allows a timing attack against the password hash comparison. CVE-2014-9970 Note that Nessus relies on the presence of the package as reporte...
XWiki leaks password hashes and other accessible password properties
Impact: Any user with edit right on a page of the wiki can create an XClass with a database list property that references a password property, for example the password hash that is stored for users. When adding an object of that XClass, the content of that password property is displayed. In...
CVE-2025-5922 Retrievable password hash protecting TSplus admin console
Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...
Sensitive Information Disclosure
github.com/goharbor/harbor is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an ORM leak caused by improper filtering logic in the /api/v2.0/users endpoint, allowing administrators to extract password hash and salt values using the q URL parameter...
Xorux LPAR2RRD Read Only User Log Download Exposing Sensitive Information
Vulnerability Details: Affected Vendor: Xorux; Affected Product: LPAR2RRD; Affected Version: 8.04 and prior; Platform: Rocky Linux 8.10; CWE Classification: CWE-648: Incorrect Use of Privileged APIs; CVE ID: CVE-2025-54768. 2. Vulnerability Description: An API endpoint that should be limited to web...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the q URL parameter in the /api/v2.0/users endpoint. An attacker can retrieve sensitive password hash and salt values by abusing the filtering capability to extract this information character by character. Note:...
CVE-2025-30086
CVE-2025-30086 affects CNCF Harbor: Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 are vulnerable to an ORM leak via the /api/v2.0/users endpoint. The q URL parameter lets an administrator filter by any column and abuse password=~ to leak a user’s password hash and salt character by charact...
Possible ORM Leak Vulnerability in the Harbor
Impact: Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
GHSA-H27M-3QW8-3PW8 Possible ORM Leak Vulnerability in the Harbor
Impact: Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q U...
PT-2025-30605 · Cncf · Cncf Harbor
Name of the Vulnerable Software and Affected Versions: CNCF Harbor versions 2.12.0 through 2.12.3; CNCF Harbor versions 2.13.0 through 2.13.0. Description: An ORM leak exists in the /api/v2.0/users endpoint, allowing administrators to potentially disclose users' password hash and salt values. The q...
Unspecified Vulnerability in Tenda CP3 Pro
Tenda CP3 Pro is a smart wireless PTZ camera that combines 360° panoramic surveillance, 3MP HD camera, and Wi-Fi 6 network technology, and supports human/pet detection, cry detection, and one-button calling. Tenda CP3 Pro suffers from a security vulnerability that originates from the presence of ...