30 matches found
Astra Linux - уязвимость в 389-ds-base
A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...
CVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
CVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
EUVD-2025-206374
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
CVE-2025-59105
CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...
EUVD-2019-2236
Malware in sbrugna...
EUVD-2025-20517
Malicious code in bioql PyPI...
CVE-2025-57433
The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint /cwi/ajaxrequest/getdata.php, an authenticated attacker even with a low-privileged account like guest can retrieve the hashed passwords for the...
Linux Distros Unpatched Vulnerability : CVE-2019-10224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...
CVE-2023-33838
CVE-2023-33838 affects IBM Security Verify Governance 10.0.2 Identity Manager. The issue is that the product uses a one-way cryptographic hash on inputs that should not be reversible (e.g., passwords) without applying a salt, increasing exposure of hashed values. The connected IBM bulletin confir...
CVE-2023-51574
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. T...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A security bypass vulnerability exists in Voltronic Power ViewPower that stems from a specific flaw in the updateManagerPassword method, which can be exploited by an attacker to bypass...
CVE-2023-51573
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...
SUSE CVE-2019-10224
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could...
GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
PT-2022-27486 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier Description: The issue allows attackers with access to the Jenkins controller file system to view the LDAP manager password, which is stored unencrypted in the global config.xml fil...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...