
939 matches found

Tenable Nessus
added 2023/03/01 12:0 a.m. | 17 views

Schneider Electric Modicon M221 Programmable Logic Controller Use of a One-Way Hash with a Predictable Salt (CVE-2020-28214)

A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 all references, all versions, that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictab...

9.8 CVSS | 5.8 AI score | 0.00719 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:10 a.m. | 2 views

SUSE CVE-2007-6130

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions...

5 CVSS | 7.2 AI score | 0.01488 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:23 a.m. | 1 views

SUSE CVE-2018-16857

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords to restrict brute forcing of passwords in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been...

7.4 CVSS | 9.5 AI score | 0.02301 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:26 a.m. | 3 views

SUSE CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

4.3 CVSS | 4.7 AI score | 0.01015 EPSS
Exploits: 0 | References: 3
Malwarebytes
added 2023/02/02 9:30 a.m. | 16 views

Cybersecurity and privacy tips you can teach your 5+-year-old

Everything we teach our kids starts at home--we parents are their first teachers, after all. So, why wait for them to start going to school to start learning about cybersecurity and online privacy? Though it's hardly news that more and more children are being introduced to mobile computing device...

7 AI score
Exploits: 0
OSV
added 2023/01/26 5:24 p.m. | 6 views

SUSE-SU-2023:0162-1 Security update for samba

This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password bsc1206546...

8.1 CVSS | 6.8 AI score | 0.02559 EPSS
Exploits: 1 | References: 5
Patchstack
added 2022/12/29 12:0 a.m. | 7 views

WordPress Passster – Password Protection Plugin < 3.5.5.9 is vulnerable to Broken Access Control

Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: 3.5.5.9; Fixed in: 3.5.5.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-24881; Patch priority: Low; CVSS severity: Low (5.3); Developer: Patrick Posner; PSID: 3b75ba83694c; Credits: dc11; Required...

7.5 CVSS | 6.5 AI score | 0.00818 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/12/29 12:0 a.m. | 11 views

WordPress Passster – Password Protection Plugin < 3.5.5.8 is vulnerable to Cross Site Scripting (XSS)

Software: Passster – Password Protection; Type: Plugin; Vulnerable versions: 3.5.5.8; Fixed in: 3.5.5.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2021-24837; Patch priority: Medium; CVSS severity: Medium (6.3); Developer: Patrick Posner; PSID: b41d0cd0e690; Credits...

5.4 CVSS | 5.6 AI score | 0.00393 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2022/12/05 12:0 a.m. | 2 views

Vulnerability in Symantec Endpoint Protection antivirus software related to the possibility of bypassing security elements, allowing an attacker to circumvent password protection for security policy import/export

The vulnerability of the Symantec Endpoint Protection antivirus software is related to the possibility of bypassing security elements. Exploiting this vulnerability could allow a hacker to circumvent password protection for security policy import/export...

8.4 CVSS | 7.2 AI score | 0.01096 EPSS
Exploits: 1 | References: 3
Hacker One
added 2022/12/04 5:20 p.m. | 42 views

Hiro: Security Issue into Wallet lock protection

Description: While testing wallet extension I generally try to test multiple endpoints, so 2 tabs were open of wallet on chrome-extension://ldinpeekobnhjjdofggfgjlcehhmanlj/popup.html. So I tried to lock Wallet extension but I found that I can still use browser in 2nd tab, why I had already locked...

7 AI score
Exploits: 0
OSV
added 2022/12/01 2:15 p.m. | 2 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.5 CVSS | 5.7 AI score | 0.01096 EPSS
Exploits: 1 | References: 1
Prion
added 2022/12/01 2:15 p.m. | 26 views

Security feature bypass

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

5 CVSS | 7.5 AI score | 0.01096 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2022/12/01 12:0 a.m. | 5 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.1 AI score | 0.01096 EPSS
Exploits: 1 | References: 1
Cvelist
added 2022/12/01 12:0 a.m. | 29 views

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

7.7 AI score | 0.01096 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2022/11/14 9:26 p.m. | 27 views

CVE-2022-44020

A flaw was found in sushy-tools & VirtualBMC, where changing the boot device configuration removes password protection from the managed libvirt XML domain...

5.5 CVSS | 2.8 AI score | 0.0022 EPSS
Exploits: 0 | References: 6
OSV
added 2022/10/30 12:0 p.m. | 18 views

GHSA-5PJ3-6FQM-8M7M OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS | 5.4 AI score | 0.0022 EPSS
Exploits: 0 | References: 8
NVD
added 2022/10/30 12:15 a.m. | 14 views

CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS | 0.0022 EPSS
Exploits: 0 | References: 6
OSV
added 2022/10/30 12:15 a.m. | 21 views

CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5 CVSS | 6.9 AI score
Exploits: 0 | References: 6
Prion
added 2022/10/30 12:15 a.m. | 9 views

Design/Logic Flaw

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

1.7 CVSS | 5.5 AI score | 0.0022 EPSS
Exploits: 0 | References: 6 | Affected Software: 3
CNNVD
added 2022/10/30 12:0 a.m. | 2 views

OpenStack Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack Sushy-Tools 0.21.0 and earlier and VirtualBMC 2.2.2 and earlier, which stems from the fact that changing the boot device configuration with thes...

5.5 CVSS | 5.6 AI score | 0.0022 EPSS
Exploits: 0 | References: 9