27 matches found
GHSA-XWX7-P63R-2RJ8 Navidrome Stores JWT Secret in Plaintext in navidrome.db
Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. The JWT secret is critical for the authentication and authorization system. If...
CVE-2024-37003
Summary of CVE-2024-37003 : A maliciously crafted DWG/SLDPRT file can be parsed by Autodesk AutoCAD components, specifically opennurbs.dll and ODXSW_DLL.dll, causing a stack-based overflow. This can lead to a crash, potential data exposure, or arbitrary code execution in the context of the affect...
Design/Logic Flaw
Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42...
CVE-2023-28045
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data...
Information leakage vulnerability in Baisou Video HD APP
Baisou Video HD APP is a video player. Baisou Video HD APP has an information disclosure vulnerability. An attacker can exploit the vulnerability to backup the app and obtain sensitive information...
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability
The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...
Avaya IP Office Phone Manager Local Password Disclosure Exploit
No description provided by source. include windows.h include stdio.h include string.h / Filename: exploit.c Title: Avaya IP Office Phone Manager - Cleartext Sensitive Data Vulnerability Exploit v0.01 Author: pagvac Adrian Pastor Date: 24th Feb, 2005 Other info: tested on version 2.013. Compile as...