171 matches found

Prion
added 2021/01/21 3:15 p.m., 15 views

Information disclosure

OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for...

CVSS 5, AI score 5.3, EPSS 0.00736
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2021/01/21 2:20 p.m., 57 views

CVE-2021-21253

CVE-2021-21253 concerns OnlineVotingSystem, an open-source project. The vulnerability affects versions prior to 1.1.2 where user passwords are hashed without a salt, making them susceptible to dictionary attacks (e.g., rainbow tables). The root cause is the absence of a long randomly generated sa...

CVSS 5.8, AI score 5.3, EPSS 0.00736
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2021/01/21 12:00 a.m., 8 views

OnlineVotingSystem Encryption Problem Vulnerability

Dbijaya OnlineVotingSystem is a Java-based online voting system from the individual developers of Dbijaya. OnlineVotingSystem before version 1.1.2 suffers from a cryptographic vulnerability that stems from not using a salt to hash a user's password, which can be exploited by an attacker to make i...

CVSS 5.8, AI score 6, EPSS 0.00736
Exploits: 0, References: 3

CNNVD
added 2020/11/18 12:00 a.m., 5 views

Trusted Computing Group Trusted Platform Module Security Vulnerability

Trusted Computing Group Trusted Platform Module (TPM) is a chip that is planted inside a computer to provide a trusted root for the computer, organized by the Trusted Computing Group. The chip was developed by the Trusted Computing Group (TCG) to effectively protect PCs from unauthorized access. A...

CVSS 7.2, AI score 6.3, EPSS 0.00297
Exploits: 0, References: 3

Tenable Nessus
added 2020/10/07 12:00 a.m., 98 views

HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities

According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities: - A weak cipher implementation that is susceptible to dictionary attacks...

AI score 6.5
Exploits: 0, References: 5

RedHat Linux
added 2020/09/29 7:44 p.m., 4 views

freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks...

CVSS 6.5, AI score 5.8, EPSS 0.01632
Exploits: 1, References: 4

Tenable Nessus
added 2020/07/02 12:00 a.m., 26 views

F5 Networks BIG-IP : BIG-IP APM Edge Client vulnerability (K97733133)

When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection (CVE-2020-5893). Impact: An attacker can use a man-in-the-middle (MITM) attack by deploying a...

CVSS 4.3, AI score 5.2, EPSS 0.00561
Exploits: 0, References: 2

RedhatCVE
added 2020/04/02 2:05 p.m., 33 views

CVE-2019-14833

A flaw was found in Samba in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASC...

CVSS 5.4, AI score 1.3, EPSS 0.02084
Exploits: 0, References: 4

CNVD
added 2020/03/25 12:00 a.m., 2 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32870)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by attackers to perform downgrade and/or dictionary attacks...

CVSS 5.4, AI score 6.6, EPSS 0.00121
Exploits: 0, References: 1

Tenable Nessus
added 2020/03/13 12:00 a.m., 43 views

EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)

According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP...

CVSS 6.5, AI score 6.2, EPSS 0.03515
Exploits: 1, References: 4

OpenVAS
added 2020/03/13 12:00 a.m., 36 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1231)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 6.7, EPSS 0.03515
Exploits: 1, References: 2

RedhatCVE
added 2020/01/25 10:02 p.m., 21 views

CVE-2018-5389

It was found that IKEv1 and potentially IKEv2 authentication when using a pre-shared key (PSK) is vulnerable to offline dictionary attacks in Main Mode as well as in Aggressive Mode. A man-in-the-middle attacker who intercepted the handshake of two peers authenticating with a PSK, could apply a...

CVSS 5.9, AI score 3.9, EPSS 0.03038
Exploits: 1, References: 2

OpenVAS
added 2020/01/23 12:00 a.m., 30 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-2303)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.4, AI score 6.4, EPSS 0.02355
Exploits: 1, References: 2

Mageia
added 2020/01/05 3:37 p.m., 41 views

Updated freeradius packages fix security vulnerabilities

Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...

CVSS 7.5, AI score 1.7, EPSS 0.02168
Exploits: 4, References: 4

Hacker One
added 2019/11/24 10:24 a.m., 157 views

Internet Bug Bounty: Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd

Full background information is at our website and detailed information can be found in our research paper. Vulnerability Summary First Disclosure Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enabl...

CVSS 7.5, AI score 8, EPSS 0.07624
Exploits: 1

OSV
added 2019/11/06 10:15 a.m., 21 views

CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 5.4, AI score 6.5, EPSS 0.02084
Exploits: 0, References: 9

OSV
added 2019/11/06 10:15 a.m., 2 views

DEBIAN-CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 5.4, AI score 5.8, EPSS 0.02084
Exploits: 0, References: 1

OSV
added 2019/11/06 10:15 a.m., 3 views

ALPINE-CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 5.4, AI score 6.5, EPSS 0.02084
Exploits: 0, References: 1

Prion
added 2019/11/06 10:15 a.m., 24 views

Default credentials

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 4.9, AI score 4.6, EPSS 0.02084
Exploits: 0, References: 9, Affected Software: 3

Debian CVE
added 2019/11/06 12:00 a.m., 31 views

CVE-2019-14833

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for passwo...

CVSS 5.4, AI score 5.4, EPSS 0.02084
Exploits: 0