5458 matches found
The vulnerability of the command-line interface of Cisco Firepower Threat Defense (FTD) software allows a malicious actor to gain unauthorized access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the command-line interface of Cisco Firepower Threat Defense (FTD) firmware is related to the use of hard-coded account credentials. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or cause servic...
CVE-2024-7763
In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials...
CVE-2024-7763
Summary: CVE-2024-7763 affects Progress Software WhatsUp Gold prior to 2024.0.0. The vulnerability is an authentication bypass in the getReport feature, enabling an attacker to obtain encrypted user credentials. Affected software: Progress WhatsUp Gold (versions before 2024.0.0). Root cause / vul...
WhatsUp Gold Authorization Issue Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. An authorization issue vulnerability exists in WhatsUp Gold versions prior to 2024.0.0...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software relates to the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine via SSH connection and elevate their privileges to root level...
Nokia Service Router Operating System Security Vulnerability
Nokia Service Router Operating System (Nokia SR OS) is an operating system used by Nokia of Finland for its service router series. A security vulnerability exists in Nokia Service Router Operating System (SR OS) prior to version 24, which arises from a brute-force attack vulnerability in the bof.cfg...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to the disclosure of information through registration files, allows a hacker to obtain encrypted user credentials.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the ability to disclose information through registration files. Exploiting this vulnerability could allow a malicious actor to obtain encrypted user credentials remotely...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures to neutralize special elements used in an operating system command. This allows attackers to escalate their privileges and execute arbitrary commands on the underlying operating system.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures taken to neutralize special elements used in an operating system command. Exploiting this vulnerability allows a malicious actor to escalate their privileges and execute arbitrary command...
openSUSE Security Advisory (SUSE-SU-2024:3629-1)
The remote host is missing an update for the...
PT-2024-37046 · Unknown · Password Pusher
Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...
CVE-2024-9487
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be...
The vulnerability of the Command-Line Argument Handler component of software for controlling remote connections in Devolutions Remote Desktop Manager allows a hacker to obtain encrypted user credentials.
The vulnerability of the Command-Line Argument Handler component in software for controlling remote connections in Devolutions Remote Desktop Manager is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a hacker to obtain encrypted user...
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...
GHSA-62JV-J4W7-5HH8 Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item config.xml via REST API...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
CVE-2024-47805
CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...