Lucene search
K

235 matches found

Vulnrichment
Vulnrichment
added 2025/09/17 12:33 p.m.1 views

CVE-2025-8077 NeuVector admin account has insecure default password

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

9.8CVSS6.7AI score0.0052EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 12:33 p.m.25 views

CVE-2025-8077

CVE-2025-8077 describes a vulnerability in NeuVector up to version 5.4.5 where the built-in admin account uses a fixed string as the default password. If this password is not changed after deployment, any workload with network access within the cluster could use the default credentials to obtain ...

9.8CVSS6.7AI score0.0052EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 12:33 p.m.3 views

CVE-2025-8077 NeuVector admin account has insecure default password

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

9.8CVSS5.9AI score0.0052EPSS
Exploits0References4
OSV
OSV
added 2025/09/17 12:29 p.m.6 views

CVE-2025-54467 NeuVector process with sensitive arguments lead to leakage

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log...

5.3CVSS5.9AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/17 12:29 p.m.20 views

CVE-2025-54467 NeuVector process with sensitive arguments lead to leakage

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log...

5.3CVSS0.00231EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 12:29 p.m.26 views

CVE-2025-54467

CVE-2025-54467 describes a vulnerability in NeuVector where executing a Java command with password parameters can leak the password into the NeuVector security event log after process-rule termination. This is a local/logging disclosure issue that could reveal passwords in logs, with CVSS v3.1 me...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/17 12:29 p.m.4 views

CVE-2025-54467 NeuVector process with sensitive arguments lead to leakage

When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/17 12:27 p.m.10 views

CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS0.00162EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/17 12:27 p.m.5 views

CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS6.5AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2025/09/17 12:27 p.m.9 views

CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack

NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...

5.3CVSS6AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.5 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of simple and...

5.3CVSS6.4AI score0.00162EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.7 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector versions 5.4.5 and earlier, which stems...

9.8CVSS6.7AI score0.0052EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.6 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector that stems from the execution of Java...

5.3CVSS6.6AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2025/09/08 2:13 p.m.5 views

GO-2025-3917 NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector

NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.3CVSS7AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2025/09/08 2:13 p.m.3 views

GO-2025-3918 NeuVector admin account has insecure default password in github.com/neuvector/neuvector

NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

9.8CVSS7AI score0.0052EPSS
Exploits0References1
OSV
OSV
added 2025/09/08 2:13 p.m.3 views

GO-2025-3919 NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector

NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.5 views

PT-2025-36642

NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36644

NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

6.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36643

NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

6.9AI score
Exploits0References2
Snyk
Snyk
added 2025/08/28 1:33 p.m.2 views

Use of Default Credentials

Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...

9.8CVSS7.2AI score0.0052EPSS
Exploits0References2
Rows per page
Query Builder