Lucene search
K

9 matches found

NVD
NVD
added 2022/11/08 11:15 a.m.18 views

CVE-2022-43958

A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...

9.1CVSS0.00317EPSS
Exploits0References2
Prion
Prion
added 2022/11/08 11:15 a.m.12 views

Design/Logic Flaw

A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...

5.2CVSS7.5AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/08 12:0 a.m.26 views

CVE-2022-43958

A vulnerability has been identified in QMS Automotive All versions V12.39, QMS Automotive All versions V12.39. User credentials are stored in plaintext in the database without any hashing mechanism. This could allow an attacker to gain access to credentials and impersonate other users...

7.6CVSS7.6AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2022/11/08 12:0 a.m.58 views

CVE-2022-43958

CVE-2022-43958 | Siemens QMS Automotive : All versions prior to v12.39 store user credentials in plaintext in the database (no hashing). This enables credential exposure and potential user impersonation. Evidence sources describe plaintext password storage as the root cause and assign CVSS scores...

9.1CVSS7.3AI score0.00317EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/09/13 9:15 p.m.22 views

Design/Logic Flaw

Because the WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed...

4.6CVSS7.5AI score0.00694EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/09/13 8:35 p.m.61 views

CVE-2022-40621

The CVE-2022-40621 entry concerns WAVLINK Quantum D4G (WN531G3). Affected firmware versions M31G3.V5030.200325 and earlier communicate over HTTP (not HTTPS), and the device’s authentication hashing does not rely on a server-supplied key. This enables an attacker with sufficient network access to ...

7.5CVSS7.5AI score0.00694EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.41 views

Mandriva Linux Security Advisory : perl (MDVSA-2013:113)

Updated perl packages fix security vulnerability : It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code CVE-2012-5195. The compile function in Maketext.pm in the Locale::Maketext implementation...

7.5CVSS8.3AI score0.61604EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2011/02/08 12:0 a.m.46 views

MS11-013: Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)

The implementation of Kerberos on the remote Windows host is affected by one or more vulnerabilities : - Microsoft's Kerberos implementation uses a weak hashing mechanism, which can allow for certain aspects of a Kerberos service ticket to be forged. Note that this is not exploitable on domains...

7.2CVSS5.6AI score0.05486EPSS
Exploits0References3
securityvulns
securityvulns
added 2000/10/24 12:0 a.m.19 views

Проблемы в авторизации MySQL

ИСпользуется слабый механизм хэширования при авторизации позволяющий восстановить пароль...

0.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder