Lucene search
+L

105 matches found

OSV
OSV
added 2025/02/19 3:15 p.m.3 views

CVE-2024-52902

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.3 views

IBM Cognos Controller 信任管理问题漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from a trust management...

8.8CVSS6.8AI score0.00335EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/27 12:0 a.m.5 views

Kurmi Provisioning Suite 安全漏洞

Kurmi Provisioning Suite is an infrastructure management suite from Kurmi. A security vulnerability exists in Kurmi Provisioning Suite versions prior to 7.9.0.35 and versions 7.10.x through 7.10.0.18. An attacker exploiting this vulnerability could access any file, such as a configuration file...

4.9CVSS6.3AI score0.00821EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/10/24 6:0 p.m.30 views

OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

8.1CVSS7.4AI score0.00361EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/09/11 11:27 p.m.44 views

CVE-2024-28981

Hitachi Vantara Pentaho Data Integration & Analytics is affected. Versions before 10.1.0.0 and 9.3.0.8 (including 8.3.x) disclose database passwords when searching metadata injectable fields due to insufficiently protected credentials. No exploitation details are provided in the documents. Remedi...

8.5CVSS8.6AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/11 11:27 p.m.22 views

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/11 11:27 p.m.8 views

CVE-2024-28981 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields...

8.5CVSS7AI score0.00271EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/04/15 12:0 a.m.478 views

Amazon AWS Glue Database Password Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage:...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.6 views

SCHUHFRIED Security Vulnerabilities

SCHUHFRIED is a psychometric testing system from the Austrian company SCHUHFRIED. A security vulnerability exists in SCHUHFRIED version v.8.22.00, which originated from a vulnerability that allows remote attackers to obtain database passwords via a specially crafted curl command...

9.8CVSS6.8AI score0.00805EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.5 views

EGroupware Security Vulnerabilities

EGroupware is an online office platform from EGroupware, Inc. A security vulnerability exists in EGroupware version 17.1.20190111, which stems from the presence of an incorrect password storage vulnerability that allows an authenticated, remote attacker with administrator credentials to read...

4.9CVSS6.9AI score0.00578EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/07/14 12:0 a.m.11 views

All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password

The plugin stores the password inside the database as plaintext allowing administrators to obtain access to user's passwords...

6.9AI score
Exploits0References2Affected Software1
Broadcom
Broadcom
added 2023/05/19 12:0 a.m.46 views

CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

7CVSS6.6AI score0.00491EPSS
Exploits0
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.4 views

Mattermost 日志信息泄露漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. A log information disclosure vulnerability exists in Mattermost Sever, which stems from the inability to edit database usernames and passwords before issuing application logs during server initialization...

7.5CVSS7.2AI score0.00547EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.5 views

PT-2023-22970

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.3.0 through 2.0.1 Description An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. Recommendations For Apache Superset versions...

6.5CVSS6.8AI score0.02067EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.5 views

SUSE CVE-2013-6384

1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...

1.9CVSS6.2AI score0.0041EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/11/15 9:7 a.m.81 views

Internet Bug Bounty: Leak of sensitive values to Airflow rendered template

I’m just getting started with Airflow, but seem to have got into a situation where sensitive values e.g. connection passwords end up in my task’s rendered template. Here’s how my DAG starts, having set up a connection called “secret” with a password specified: t1 = BashOperator...

7AI score
Exploits0
Prion
Prion
added 2022/11/02 3:15 p.m.19 views

Design/Logic Flaw

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

5CVSS7.5AI score0.00302EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/02 2:56 p.m.7 views

CVE-2021-45447 Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

7.7CVSS6.9AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/02 2:56 p.m.30 views

CVE-2021-45447 Pentaho Business Analytics Server - With the Data Lineage feature enabled, the system transmits database passwords in clear text

Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and...

7.7CVSS7.7AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.38 views

SAP Business One Information Disclosure Vulnerability (CNVD-2021-101685)

SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 contains an information disclosure vulnerability, which originates when an administrator user can view database passwords in plain text over the network. An attacker could use...

4.4CVSS1.4AI score0.00417EPSS
Exploits0References1
Rows per page
Query Builder