Lucene search
K

158 matches found

CNNVD
CNNVD
added 2022/04/27 12:0 a.m.5 views

Sophos Authenticator 安全漏洞

Sophos Authenticator is a simple and intuitive application from Sophos UK. It is used to provide multiple authentication on mobile devices. Sophos Authenticator suffers from a security vulnerability that stems from insecure data storage. A physical attacker with root privileges could exploit this...

3.9CVSS5.1AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/21 12:0 a.m.5 views

PT-2022-7021 · Qnap · Qvr Pro Client

Name of the Vulnerable Software and Affected Versions: QVR Pro Client versions prior to 2.3.0.0420 Description: The issue is related to insufficient protection of registration data in QVR Pro Client, which may allow an attacker to gain unauthorized access to protected information. An insertion of...

6.7CVSS4.5AI score0.00169EPSS
Exploits0References7
NVD
NVD
added 2021/12/16 8:15 p.m.18 views

CVE-2021-3179

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...

5.5CVSS0.00441EPSS
Exploits0References3
CVE
CVE
added 2021/12/16 7:13 p.m.56 views

CVE-2021-3179

CVE-2021-3179 concerns the GGLocker iOS app, where an insecure data storage of the password hash enables an authentication bypass. The entry is corroborated by multiple sources in connected documents (NVD, Red Hat, CVE lists). Affected software: GGLocker iOS application. Underlying issue: insecur...

5.5CVSS5.5AI score0.00441EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/12/16 7:13 p.m.23 views

CVE-2021-3179

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass...

5.8AI score0.00441EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/16 12:0 a.m.2 views

GGLocker iOS 安全漏洞

GgLocker Ios is a simple digital locker by Gabriele Greco personal developer. A security vulnerability exists in the GGLocker iOS app that stems from an insecure data store containing password hashes, leading to authentication bypass...

5.5CVSS5.8AI score0.00441EPSS
Exploits0References4
Veracode
Veracode
added 2021/06/17 5:41 a.m.26 views

Remote Code Execution (RCE)

phpmailer is vulnerable to remote code execution. The vulnerability exists due to insecure data allowed into the $langpath parameter of the setLanguage method...

8.1CVSS3.5AI score0.02803EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/03/17 3:15 p.m.5 views

CVE-2020-35455

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...

7.8CVSS5.8AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2021/03/17 3:15 p.m.13 views

CVE-2020-35455

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...

7.8CVSS0.00235EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/12/03 12:0 a.m.5 views

The vulnerability of static data created by software for generating reports in Cisco Security Manager’s extended security environments allows attackers to gain unauthorized access to protected information.

The vulnerability of static data in the software tool for creating reports in Cisco Security Manager-enabled extended security environments is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...

7.4CVSS7.7AI score0.01712EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/05/29 10:15 p.m.3 views

CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data...

5.5CVSS6.1AI score0.00319EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/05/29 12:0 a.m.6 views

The vulnerability of the Siemens SPPA-T3000 application server allows a hacker to gain access to confidential information.

The vulnerability of the Siemens SPPA-T3000 application server is related to the transmission of data in an open manner. Exploiting this vulnerability can allow attackers to access confidential information...

5.4CVSS6.2AI score0.01024EPSS
Exploits0References2
OSV
OSV
added 2020/04/30 1:15 p.m.13 views

CVE-2020-9387

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on...

4.3CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2020/04/09 5:15 p.m.15 views

CVE-2018-21034

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git...

6.5CVSS6.4AI score
Exploits0References4
NVD
NVD
added 2020/02/13 9:15 p.m.18 views

CVE-2020-8989

In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. Fo...

5.3CVSS5.2AI score0.01027EPSS
Exploits0References2
CNVD
CNVD
added 2019/09/11 12:0 a.m.2 views

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34770)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

8.8CVSS8AI score0.08328EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/15 12:0 a.m.3 views

Adobe Creative Cloud Desktop Application Insecure Transfer of Sensitive Data Vulnerability

Adobe Creative Cloud Desktop Application is the management software for various Creative Cloud applications and services. An insecure transmission of sensitive data vulnerability exists in Adobe Creative Cloud Desktop Application 4.6.1 and earlier versions. An attacker could exploit this...

7.5CVSS6.6AI score0.0367EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2019/05/08 4:30 p.m.71 views

Vulnerabilities in financial mobile apps put consumers and businesses at risk

Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have but may not be aware of or care to admit about cybersecurity—and, at times, privacy. It rears its ugly head when 1 we share the common notion that programmers know how to code securel...

0.9AI score
Exploits0
CNVD
CNVD
added 2019/01/04 12:0 a.m.3 views

August Connect Information Disclosure Vulnerability

August Connect is a bridge device for supporting Wi-Fi and smart lock connections. A security vulnerability exists in August Connect that stems from the program failing to securely transfer data between the August app and August Connect during configuration. An attacker could exploit the...

9.8CVSS6.7AI score0.0071EPSS
Exploits0
NVD
NVD
added 2019/01/02 6:29 p.m.15 views

CVE-2018-20100

An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST,...

9.8CVSS9.4AI score0.0071EPSS
Exploits0References1
Rows per page
Query Builder