Lucene search
+L

308 matches found

OSV
OSV
added 2025/03/11 9:12 p.m.8 views

GHSA-9MC5-7QHG-FP3W Below has Incorrect Permission Assignment for Critical Resource

Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...

7.8CVSS7.1AI score0.0036EPSS
Exploits23References9
Cvelist
Cvelist
added 2025/03/11 6:29 p.m.19 views

CVE-2025-27591

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...

0.0036EPSS
Exploits23References2
OSV
OSV
added 2025/02/28 7:15 p.m.5 views

CVE-2025-25428

TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

8CVSS5.8AI score0.00338EPSS
Exploits1References1
NVD
NVD
added 2024/11/01 5:15 p.m.17 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

9.8CVSS0.00561EPSS
Exploits1References2
CVE
CVE
added 2024/11/01 12:0 a.m.53 views

CVE-2024-51431

The CVE-2024-51431 entry affects LB-LINK BL-WR 1300H v1.0.4, where hardcoded credentials are stored in /etc/shadow and are easily guessable. Public records (NVD and related feeds) consistently describe this as a credential exposure with high to critical impact potential (CVE details: high confide...

9.8CVSS6.7AI score0.00561EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/01 12:0 a.m.14 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

6.9AI score0.00561EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/01 12:0 a.m.27 views

CVE-2024-51431

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...

0.00561EPSS
Exploits1References2
NVD
NVD
added 2024/10/23 2:15 p.m.26 views

CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS0.00265EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/23 1:46 p.m.24 views

CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS6.5AI score0.00265EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/10/23 1:46 p.m.26 views

CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS0.00265EPSS
Exploits0References5
NVD
NVD
added 2024/08/16 6:15 p.m.17 views

CVE-2024-42639

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root...

9.8CVSS0.00559EPSS
Exploits1References2
NVD
NVD
added 2024/08/16 6:15 p.m.20 views

CVE-2024-42638

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

9.8CVSS0.00559EPSS
Exploits1References2
NVD
NVD
added 2024/08/16 6:15 p.m.20 views

CVE-2024-42637

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

9.8CVSS0.00559EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/16 12:0 a.m.18 views

CVE-2024-42637

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

7.5AI score0.00559EPSS
Exploits1References2
CVE
CVE
added 2024/08/16 12:0 a.m.64 views

CVE-2024-42637

The CVE-2024-42637 entry concerns H3C R3010, version v100R002L02, with a hardcoded password in /etc/shadow that can allow root login. Connected sources (Red Hat and NVD) confirm the same description and add a CVSS 3.1 base score of 9.8 (CRITICAL, NETWORK exploitability, no user interaction). The ...

9.8CVSS7.7AI score0.00559EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/08/16 12:0 a.m.59 views

CVE-2024-42638

CVE-2024-42638 affects H3C Magic B1ST v100R012. The vulnerability is a hardcoded password in the system file /etc/shadow that permits authentication as root, enabling full administrative access. Public metric data from NVD indicates a CRITICAL (9.8) base score with NETWORK attack vector, no privi...

9.8CVSS7.5AI score0.00559EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/08/16 12:0 a.m.20 views

CVE-2024-42637

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

0.00559EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/16 12:0 a.m.23 views

CVE-2024-42639

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root...

0.00559EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/16 12:0 a.m.27 views

CVE-2024-42638

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

0.00559EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/16 12:0 a.m.16 views

CVE-2024-42638

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

7.5AI score0.00559EPSS
Exploits1References2
Rows per page
Query Builder