Lucene search
K

279 matches found

Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.3 views

PT-2023-6965 · Microsoft · Azure Cli

Name of the Vulnerable Software and Affected Versions: Azure CLI versions prior to the fixed version Description: The issue is related to a lack of protection for service data in the Azure CLI interface, which can be exploited by a remote attacker to gain access to credentials. The estimated numb...

8.6CVSS9.1AI score0.21542EPSS
Exploits0References14
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/10 9:46 a.m.58 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-5043, CVE-2023-5044, CVE-2022-4886)

Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/configuration-snippet annotation CVE-2023-5043 or the...

8.8CVSS7.4AI score0.56568EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/10/31 6:15 p.m.1 views

CVE-2023-37832

A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts...

7.5CVSS5.8AI score0.00554EPSS
Exploits1References1
OSV
OSV
added 2023/09/27 3:19 p.m.4 views

CVE-2023-40435

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials...

5.5CVSS5.8AI score0.00236EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/09/26 12:0 a.m.14 views

Active Directory Integration / LDAP Integration < 4.2 - Admin LDAP Passback

Description The plugin does not properly validate input when changing the LDAP server. This can result in the ability for authenticated administrators to alter the LDAP server and access the credentials of the original LDAP server...

6.5CVSS6.3AI score0.00721EPSS
Exploits2References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/25 12:0 a.m.7 views

The vulnerability of the org.keycloak.userprofile component of the identity and access management software allows a perpetrator to gain access to user credentials.

The vulnerability of the org.keycloak.userprofile component in the identity and access management software involves the transfer of data in an open manner. Exploiting this vulnerability could allow a malicious actor to gain access to user credentials...

9CVSS7.6AI score0.00466EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/12 4:15 p.m.5 views

CVE-2023-0119

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, a...

5.4CVSS5.4AI score0.00556EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/12 12:0 a.m.5 views

Siemens QMS Automotive 安全漏洞

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. Siemens QMS Automotive has an information disclosure hole that can be exploited by an attacker to perform a memory dump, gain access to credentials, and use them in a simulation...

7.3CVSS6.4AI score0.0012EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/08/29 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN...

9.1CVSS7.3AI score0.21583EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/08/25 10:41 a.m.39 views

China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors

A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda...

7AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/08/24 4:30 p.m.51 views

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations networks with...

8.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.7 views

PT-2023-27403 · Jenkins · Jenkins Delphix Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin versions 3.0.2 and earlier Description: The issue allows attackers with Overall/Read permission to access and capture credentials they are not entitled to, due to the plugin not setting the appropriate context for...

6.5CVSS6.3AI score0.00765EPSS
Exploits0References12
BDU FSTEC
BDU FSTEC
added 2023/07/18 12:0 a.m.8 views

The vulnerability of the Telnet service of the cable modem Hitron CODA-5310 allows a intruder to gain access to user and administrator credentials.

The vulnerability of the Telnet service of the Microcable Gateway Hitron CODA-5310 lies in the transmission of confidential information in plaintext. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user and administrator credentials...

7.8CVSS7.2AI score0.00491EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2023/07/12 10:45 a.m.23 views

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023,...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.4 views

PT-2023-26199 · Jenkins · Jenkins Mabl Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins mabl Plugin versions 0.0.46 and earlier Description: The issue allows attackers with Item/Configure permission to access and capture credentials they are not entitled to, due to the plugin not setting the appropriate context for...

6.5CVSS6.4AI score0.0067EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/06/14 12:0 a.m.4 views

Jenkins Plugin Digital.ai App Management Publisher 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS5.9AI score0.00658EPSS
Exploits0References3
NVD
NVD
added 2023/06/07 10:15 p.m.32 views

CVE-2023-2904

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...

7.3CVSS7.1AI score0.00556EPSS
Exploits0References1
OSV
OSV
added 2023/04/02 9:15 p.m.6 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

4.3CVSS5.8AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.3 views

PT-2023-2368 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 Description: The issue allows an attacker to retrieve system files, credentials, and bypass authentication, resulting in privilege escalation. This can be achieved through URL...

10CVSS9.6AI score0.0109EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.10 views

The vulnerability of the systemSettings table in the APEX education automation system’s database allows a perpetrator to gain access to the password of the domain account.

The vulnerability of the systemSettings table in the APEX education automation system’s database is related to the storage of passwords in an exposed form. Exploiting this vulnerability could allow a malicious actor to remotely access user credentials and obtain the password for the domain accoun...

7.8CVSS5.5AI score
Exploits0Affected Software1
Rows per page
Query Builder