18 matches found
UTT HiPER 1200GW Security Vulnerability
UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by the strcpy function in the Web Management Interface component /goform/setSysAdm file, which led to...
MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-345:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-345:03 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...
Command Injection
Cybersecurity AI (CAI) is vulnerable to Command Injection. The vulnerability is due to insufficient input sanitization in the run_ssh_command_with_credentials function, where the username, host, and port parameters are not properly escaped, allowing attackers to inject malicious commands...
Cybersecurity AI Command Injection Vulnerability
Cybersecurity AI is an open source AI security framework from Alias Robotics. A command injection vulnerability exists in Cybersecurity AI version 0.5.9 and earlier, which stems from a command injection in the run_ssh_command_with_credentials function that could lead to the execution of...
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Summary: A command injection vulnerability is present in the function tool run_ssh_command_with_credentials available to AI agents. Details: This is the source code of the function tool run_ssh_command_with_credentials: @function_tool def run_ssh_command_with_credentials(host: str, username: str,...
Linux Distros Unpatched Vulnerability : CVE-2020-26892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. (CVE-2020-26892) Note that Nessus...
Santesoft Sante PACS Server Security Vulnerability
Sante PACS Server is a medical image management software developed for doctors to view CT in their daily consultations and improve the diagnosis rate. A buffer overflow vulnerability exists in the Sante PACS Server web service's EVP_DecryptUpdate function that handles usernames and passwords, whic...
CVE-2022-49056
CVE-2022-49056 entry is rejected/not used per the Initial Description.
Veeam Backup & Replication Security Vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication 12.2.0.334 and previous 12.X versions, which stems from insufficient privileges in credentials handling, resulting in the exposure of sensitive NTLM hashes...
PT-2024-2025
Name of the Vulnerable Software and Affected Versions: Progress OpenEdge Authentication Gateway versions prior to 11.7.19; Progress OpenEdge AdminServer versions prior to 11.7.19; Progress OpenEdge Authentication Gateway versions prior to 12.2.14; Progress OpenEdge AdminServer versions prior to...
SUSE CVE-2010-1760
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150...
PT-2022-2678
Name of the Vulnerable Software and Affected Versions: PJSIP versions prior to and including 2.12. Description: The issue is a stack-buffer overflow vulnerability in the PJSIP library, which only impacts users who accept hashed digest credentials with data type PJSIP_CRED_DATA_DIGEST. This...
GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
USN-5162-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities
Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-3655) It was discovered that the AMD...
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled...
CVE-2019-18785
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials...
Apple Safari Incorrectly Handles FTP URL Authentication Credentials Vulnerability
Apple Safari is a popular web browser. Apple Safari fails to properly handle FTP URL authentication credentials, allowing attackers to exploit the vulnerability to access other restricted resources...
CVE-2010-1760
Removed by vendor...