Lucene search

1753 matches found

ICS
added 2021/12/21 12:0 a.m. · 54 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command...

CVSS 10 · AI score 10 · EPSS 0.01549
Exploits: 0 · References: 5

NVD
added 2021/12/16 8:15 p.m. · 10 views

CVE-2021-3179

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...

CVSS 5.5 · EPSS 0.00441
Exploits: 0 · References: 3

Prion
added 2021/12/16 8:15 p.m. · 15 views

Authentication flaw

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...

CVSS 2.1 · AI score 5.5 · EPSS 0.00441
Exploits: 0 · References: 3

Cvelist
added 2021/12/16 7:13 p.m. · 16 views

CVE-2021-3179

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...

AI score 5.8 · EPSS 0.00441
Exploits: 0 · References: 3

CVE
added 2021/12/16 7:13 p.m. · 53 views

CVE-2021-3179

CVE-2021-3179 concerns the GGLocker iOS app, where an insecure data storage of the password hash enables an authentication bypass. The entry is corroborated by multiple sources in connected documents (NVD, Red Hat, CVE lists). Affected software: GGLocker iOS application. Underlying issue: insecur...

CVSS 5.5 · AI score 5.5 · EPSS 0.00441
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2021/12/15 12:0 a.m. · 4 views

PT-2021-6785 · Mitsubishi · Melsec Q Series Q03/04/06/13/26Udvcpu +20

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...

CVSS 8.1 · AI score 6.6 · EPSS 0.01209
Exploits: 0 · References: 6

Positive Technologies
added 2021/12/15 12:0 a.m. · 4 views

PT-2021-6786 · Mitsubishi · Melsec Q Series Q03/04/06/13/26Udvcpu +21

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...

CVSS 9.1 · AI score 7.6 · EPSS 0.0229
Exploits: 0 · References: 6

Positive Technologies
added 2021/12/15 12:0 a.m. · 5 views

PT-2021-6790 · Mitsubishi · Melsec Iq-R Series Rj71Gf11-T2 +22

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions Mitsubishi Electric MELSEC iQ-R series...

CVSS 8.1 · AI score 6.4 · EPSS 0.02051
Exploits: 0 · References: 5

Positive Technologies
added 2021/12/15 12:0 a.m. · 10 views

PT-2021-10: Possibility of authorization in the file password mechanism using the password hash value in the FX5U(C) CPU and FX5UJ CPU modules

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a password hash instead of a password for authentication. Exploiting the vulnerability may allow an attacker who knows the hash value of the password to perform...

CVSS 9.1 · AI score 9.3 · EPSS 0.0229
Exploits: 0

Positive Technologies
added 2021/12/15 12:0 a.m. · 10 views

PT-2021-09: Possibility of authorization in Remote Password mechanism using password hash

The vulnerability of the FX5UC CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of using a weak password hash. Exploiting the vulnerability may allow an attacker to use the resulting hash value to recover the password value. Advisory status 15.12.202...

CVSS 8.1 · AI score 8 · EPSS 0.01209
Exploits: 0

Positive Technologies
added 2021/12/15 12:0 a.m. · 10 views

PT-2021-08: Possibility of authorization in Remote Password mechanism using password hash in FX5U(C) CPU and FX5UJ CPU modules

Exploiting the vulnerability of the FX5UC CPU and FX5U CPU modules of Mitsubishi Electric FA products may allow an attacker to perform authorization in Remote Password mechanism using password hash. Advisory status 15.12.2021 - Vendor gets vulnerability details 31.03.2022 - Security advisory...

CVSS 8.1 · AI score 8.2 · EPSS 0.02051
Exploits: 0

Cent OS
added 2021/11/17 2:40 p.m. · 71 views

389 security update

CentOS Errata and Security Advisory CESA-2021:3807 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 6.5 · AI score 6.7 · EPSS 0.01349
Exploits: 0 · References: 7

Tenable Nessus
added 2021/11/17 12:0 a.m. · 35 views

CentOS 7 : 389-ds-base (RHSA-2021:3807)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory. - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any passwo...

CVSS 6.5 · AI score 6.7 · EPSS 0.01349
Exploits: 0 · References: 2

Cvelist
added 2021/11/08 2:15 p.m. · 38 views

CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py

EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of t...

CVSS 7.5 · AI score 7.7 · EPSS 0.00544
Exploits: 1 · References: 2

CNVD
added 2021/11/05 12:0 a.m. · 15 views

Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 Encryption Error Vulnerability

The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is a portable cardiac rhythm management (CRM) programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120 is vulnerable to an encryption error that could...

CVSS 6.9 · AI score 2 · EPSS 0.0014
Exploits: 0 · References: 1

RedHat Linux
added 2021/10/25 6:38 a.m. · 2 views

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

CVSS 6.5 · AI score 5.8 · EPSS 0.01349
Exploits: 0 · References: 5

Tenable Nessus
added 2021/10/20 12:0 a.m. · 31 views

RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server an...

CVSS 6.5 · AI score 6.9 · EPSS 0.01349
Exploits: 0 · References: 8

RedHat Linux
added 2021/10/19 7:0 a.m. · 4 views

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

CVSS 6.5 · AI score 5.8 · EPSS 0.01349
Exploits: 0 · References: 5

Tenable Nessus
added 2021/10/14 12:0 a.m. · 27 views

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2021:3807)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3807-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652) Note that Nessus has not tested for this issue but has...

CVSS 6.5 · AI score 6.8 · EPSS 0.01349
Exploits: 0 · References: 2

Veracode
added 2021/10/13 7:13 p.m. · 20 views

Access Restriction Bypass

py-bcrypt is vulnerable to Improper Access Control. The vulnerability exists due to improper handling of concurrent memory access in py-bcrypt module which triggers password hash overwriting, allowing an attacker to bypass security restrictions...

CVSS 7.5 · AI score 5.4 · EPSS 0.02835
Exploits: 1 · References: 7 · Affected Software: 1