1748 matches found
CVE-2024-36439
Swissphone DiCal-RED 4009 devices are affected by CVE-2024-36439, where a remote attacker can access the administrative web interface using the device password’s hash value without knowing the actual password. The vulnerability arises in the authentication flow and, per the gathered sources, ther...
PT-2024-26998 · Swissphone · Swissphone Dical-Red 4009
Name of the Vulnerable Software and Affected Versions: Swissphone DiCal-RED 4009 (affected versions not specified). Description: The issue allows a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
CVE-2024-36439
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
389-ds-base: Malformed userPassword hash may cause Denial of Service
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password...
GO-2023-1957 KubePi may leak password hash of any user in github.com/KubeOperator/kubepi
KubePi may leak password hash of any user in github.com/KubeOperator/kubepi...
Path Traversal
Streamlit is vulnerable to a Path Traversal. The vulnerability is due to improper handling of file paths in the static file sharing feature of Streamlit on Windows systems, which allows an attacker to traverse directories and access the password hash of the Windows user running Streamlit...
PYSEC-2024-153
Streamlit is a data-oriented application development framework for Python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit apps on Windows were vulnerable to a path traversal vulnerability when the static file shari...
CVE-2024-42474
Streamlit is a data-oriented application development framework for Python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit apps on Windows were vulnerable to a path traversal vulnerability when the static file shari...
CVE-2024-42474 Streamlit Path Traversal Security Vulnerability on Windows
Streamlit is a data-oriented application development framework for Python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit apps on Windows were vulnerable to a path traversal vulnerability when the static file shari...
CVE-2024-42474
CVE-2024-42474 affects Streamlit Open Source on Windows via the static file sharing feature, enabling path traversal that could leak the Windows user’s password hash. The issue was identified in Streamlit and patched in version 1.37.0 (released around July 25, 2024). Evidence in connected sources...
PT-2024-29970 · Streamlit · Streamlit
Name of the Vulnerable Software and Affected Versions: Streamlit versions prior to 1.37.0. Description: The issue is related to a path traversal vulnerability in the static file sharing feature of Streamlit. This vulnerability allows an attacker to leak the password hash of the Windows user runnin...
Brother MFC-J491DW Security Vulnerability
Brother MFC-J491DW is a wireless color inkjet MFP from Brother, Japan. A security vulnerability exists in the Brother MFC-J491DW that originates from a password hash disclosure that allows retrieval of the printer's web interface password hash without authentication...
Siemens RUGGEDCOM APE 1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-5213
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...