Lucene search
+L

325 matches found

Microsoft CVE
Microsoft CVE
added 2025/02/11 8:0 a.m.9 views

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

...

3.3CVSS4.4AI score0.00448EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 8:0 a.m.12 views

CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

8.6CVSS7AI score0.00476EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 5:15 a.m.13 views

CVE-2025-0374

When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as...

6.5CVSS0.0029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.6 views

PT-2025-3859 · Etcupdate +1 · Etcupdate +1

Name of the Vulnerable Software and Affected Versions: etcupdate affected versions not specified Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the inpu...

6.5CVSS6.4AI score0.0029EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2025/01/29 12:0 a.m.8 views

FreeBSD -- Unprivileged access to system files

Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...

6.5CVSS6.8AI score0.0029EPSS
Exploits0
OSV
OSV
added 2024/11/12 7:15 p.m.5 views

CVE-2024-36509

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted password...

4.4CVSS5.8AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/12 6:53 p.m.10 views

CVE-2024-36509

An exposure of sensitive system information to an unauthorized control sphere vulnerability CWE-497 in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted password...

4.2CVSS6.4AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.18 views

PT-2024-27040 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.23 and below FortiWeb versions 7.0.10 and below FortiWeb versions 7.2.10 and below FortiWeb versions 7.4.3 and below FortiWeb version 7.6.0 Description: The issue allows an authenticated attacker to access the encrypted...

4.4CVSS6.7AI score0.00207EPSS
Exploits0References5
CISA KEV Catalog
CISA KEV Catalog
added 2024/09/16 12:0 a.m.29 views

Progress WhatsUp Gold SQL Injection Vulnerability

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...

9.8CVSS8.4AI score0.94661EPSS
In wildExploits2
VulnCheck KEV
VulnCheck KEV
added 2024/09/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-6670

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user...

9.8CVSS5.9AI score0.94661EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2024/09/10 12:0 a.m.23 views

NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2024-0068)

The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read i...

8.1CVSS6.4AI score0.01284EPSS
Exploits0References5
OSV
OSV
added 2024/08/29 10:15 p.m.8 views

CVE-2024-6670

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...

9.8CVSS5.8AI score0.94661EPSS
Exploits2References3
OSV
OSV
added 2024/08/29 10:15 p.m.9 views

CVE-2024-6671

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...

9.8CVSS5.8AI score0.14886EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.6 views

WhatsUp Gold 安全漏洞

Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability previously existed in WhatsUp Gold version 2024.0.0, which...

9.8CVSS8.8AI score0.14886EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/08/27 12:0 a.m.34 views

Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)

The version of Progress WhatsUp Gold installed on the remote host is prior to 24.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the 000263015 advisory: - In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQ...

9.8CVSS9.1AI score0.94661EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.6 views

PT-2024-9442 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: The issue is related to a SQL Injection vulnerability in WhatsUp Gold, which can be exploited by an unauthenticated attacker to retrieve a user's encrypted password. The vulnerability is...

10CVSS10AI score0.94661EPSS
Exploits2References110
NVD
NVD
added 2024/05/28 5:15 p.m.18 views

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

7.5CVSS6.8AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/28 4:57 p.m.22 views

CVE-2024-35341

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords encrypted with a hardcoded key common to all devices. This...

6.8AI score0.00396EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.10 views

PT-2024-26442 · Anpviz · Anpviz

Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to download the running configuration of the device via a HTTP GET request to "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References3
OSV
OSV
added 2024/04/19 4:15 a.m.4 views

CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

8.6CVSS5.8AI score0.00476EPSS
Exploits0References1
Rows per page
Query Builder