308 matches found
GHSA-9MC5-7QHG-FP3W Below has Incorrect Permission Assignment for Critical Resource
Impact A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as...
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow...
CVE-2025-25428
TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
CVE-2024-51431
The CVE-2024-51431 entry affects LB-LINK BL-WR 1300H v1.0.4, where hardcoded credentials are stored in /etc/shadow and are easily guessable. Public records (NVD and related feeds) consistently describe this as a credential exposure with high to critical impact potential (CVE details: high confide...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
CVE-2024-51431
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable...
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
CVE-2024-42639
H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42638
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42637
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42637
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42637
The CVE-2024-42637 entry concerns H3C R3010, version v100R002L02, with a hardcoded password in /etc/shadow that can allow root login. Connected sources (Red Hat and NVD) confirm the same description and add a CVSS 3.1 base score of 9.8 (CRITICAL, NETWORK exploitability, no user interaction). The ...
CVE-2024-42638
CVE-2024-42638 affects H3C Magic B1ST v100R012. The vulnerability is a hardcoded password in the system file /etc/shadow that permits authentication as root, enabling full administrative access. Public metric data from NVD indicates a CRITICAL (9.8) base score with NETWORK attack vector, no privi...
CVE-2024-42637
H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42639
H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42638
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...
CVE-2024-42638
H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...