Lucene search
K

47 matches found

CNNVD
CNNVD
added 2024/03/26 12:0 a.m.3 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is an application from zscaler. An application installed on a device that ensures that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A security...

7.8CVSS6.8AI score0.00236EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.3 views

Garuda Linux License Issues Vulnerability

Garuda Linux is an x86-64 general-purpose Linux distribution from Garuda Linux, based on the Arch Linux operating system. Garuda Linux suffers from a security vulnerability that originates from the execution of an insecure process when creating a user via Garuda Settings Manager, which leaves the...

7CVSS7AI score0.0016EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/20 12:0 a.m.8 views

The vulnerability of cloud-based software for creating and using Nextcloud data storage solutions is related to improper access control, which allows a hacker to change user passwords.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the absence of password confirmation for users who access the system. Exploiting this vulnerability can allow attackers to change user passwords...

7.8CVSS7.2AI score0.00242EPSS
Exploits0References4Affected Software2
SUSE CVE
SUSE CVE
added 2023/08/12 2:10 a.m.4 views

SUSE CVE-2023-39963

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...

8.1CVSS6.8AI score0.00242EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.27 views

PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14 Nextcloud Server versions 21.0.0 through 21.0.9.12 Nextcloud Server versions 22.0.0 through 22.2.10.13 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0...

9.8CVSS5.7AI score0.01041EPSS
Exploits6References95
ICS
ICS
added 2023/06/06 6:0 a.m.56 views

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...

7.5CVSS7.9AI score0.0084EPSS
Exploits0References10
NVD
NVD
added 2023/06/02 5:15 a.m.18 views

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/...

6.2CVSS6.8AI score0.00331EPSS
Exploits0References3
Veracode
Veracode
added 2023/02/05 2:22 p.m.18 views

Weak Password Requirements

publifycore is vulnerable to Weak Password Requirements. A remote attacker can easily compromise user accounts due to missing password strength constraints...

6.5CVSS6.5AI score0.007EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/06 12:0 a.m.7 views

The vulnerability of the telnetd server software in the Infiray IRAY-A8Z3 camera system allows a intruder to elevate their privileges to the root level.

The vulnerability of the telnetd server software in Infiray IRAY-A8Z3 cameras is related to the absence of a password for the root user account. Exploiting this vulnerability allows an attacker to elevate their privileges to root status by connecting through port 23...

8.4CVSS7.7AI score0.01489EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2022/05/05 2:48 a.m.3 views

GHSA-P5C5-6564-VVR8 Improper Authentication in Apache CXF

Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...

5CVSS7.2AI score0.04687EPSS
Exploits0References22
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.5 views

The vulnerability of the CMS system October CMS, related to the lack of a password recovery mechanism, allows attackers to gain access to any user account at will.

The vulnerability of the CMS system October CMS is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker to gain access to any account by using a specially created request...

9.4CVSS8AI score0.90418EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2020/07/15 8:15 p.m.3 views

CVE-2020-10284

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarmstudio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the...

9.1CVSS7.3AI score0.01393EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/04/25 7:56 p.m.19 views

CVE-2018-16219

A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker in the same network as the device to change the admin password without authentication via a POST request...

8.8AI score0.01216EPSS
Exploits1References1
Prion
Prion
added 2018/12/20 9:29 p.m.10 views

Default credentials

Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker in the same network as the device to change the admin password without authentication and without knowing the original password...

5CVSS9.5AI score0.01658EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.5 views

The vulnerability of the software interface of the FortiWeb Manager, a centralized control system for network switches, relates to access control deficiencies, allowing an intruder to gain access to the system using an administrator account.

The vulnerability of the software interface for centralized control of network switches, FortiWeb Manager, is related to the lack of password verification for the admin account. Exploiting this vulnerability could allow a malicious actor, operating remotely and having access to the web interface,...

10CVSS5.5AI score0.0278EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/12/29 9:59 a.m.3 views

DEBIAN-CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

9.8CVSS7.2AI score0.01378EPSS
Exploits0References1
OSV
OSV
added 2016/12/29 12:0 a.m.6 views

UBUNTU-CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT MQ Telemetry Transport connection authentication with a username/password pair succeeds if an existing username is provid...

9.8CVSS7.3AI score0.01378EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2016/11/11 12:0 a.m.2 views

VulnCheck KEV: CVE-1999-0502

A Unix account has a default, null, blank, or missing password...

7.5CVSS7.3AI score0.53618EPSS
Exploits41References1
OSV
OSV
added 2016/04/12 2:59 p.m.3 views

CVE-2016-0733

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username...

9.8CVSS5.8AI score0.03063EPSS
Exploits0References4
Cisco
Cisco
added 2016/02/23 12:0 a.m.40 views

Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability

A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at...

6.9CVSS9.4AI score0.0108EPSS
Exploits0References1
Rows per page
Query Builder