160 matches found

Positive Technologies
added 2024/01/01 12:0 a.m., 3 views

PT-2024-41772

Name of the Vulnerable Software and Affected Versions: Ceph (affected versions not specified). Description: An issue exists in Ceph related to incorrect certificate checking when using Pybind. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, potentially compromising mail...

5.9 AI score, 0.00029 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2023/12/01 12:0 a.m., 11 views

OwnCloud graphapi 0.2.x < 0.2.1 / 0.3.x < 0.3.1 Sensitive Informations Disclosure

An issue was discovered in OwnCloud graphapi plugin 0.2.x < 0.2.1 and 0.3.x < 0.3.1. The graphapi plugin relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all th...

10 CVSS, 6.8 AI score, 0.78428 EPSS
Exploits: 5, References: 3

CNNVD
added 2023/11/30 12:0 a.m., 4 views

LOYTEC LINX-212 Security Vulnerability

The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4 that allows an attacker to disclose SMTP client account credentials and bypass email authentication via...

7.5 CVSS, 6.9 AI score, 0.01573 EPSS
Exploits: 2, References: 5

OSV
added 2023/11/03 8:15 p.m., 38 views

CVE-2022-3172

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

8.2 CVSS, 6.5 AI score
Exploits: 0, References: 3

Prion
added 2023/11/03 8:15 p.m., 38 views

Design/Logic Flaw

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties...

5.8 CVSS, 8.1 AI score, 0.02464 EPSS
Exploits: 1, References: 3, Affected Software: 1

Japan Vulnerability Notes
added 2023/11/02 8:21 a.m., 5 views

FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength

Overview: Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient (CWE-1391). Kunal Thakrar and Ceri Coburn of Pen Test...

5.9 CVSS, 6.6 AI score, 0.0035 EPSS
Exploits: 0, References: 6

OSV
added 2023/11/02 3:15 a.m., 4 views

CVE-2023-46327

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encrypti...

5.9 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2023/10/21 12:0 a.m., 7 views

A vulnerability in the debug credentials of the httpd component in the firmware of Yifan YF325 industrial Wi-Fi routers, caused by security flaws in the authentication process, allows attackers to bypass the authentication mechanism.

The vulnerability in the debug credentials of the httpd component in the firmware of Yifan YF325 industrial Wi-Fi routers is related to security flaws in the system. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...

10 CVSS, 7.7 AI score, 0.53533 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/08/29 7:15 p.m., 3 views

CVE-2023-3251

A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0...

4.9 CVSS, 5.8 AI score
Exploits: 0, References: 1

Huntr
added 2023/04/22 4:19 p.m., 10 views

SMTP server credentials are returned

Description: The vulnerability discovered in the Calibre-Web application is a security flaw in the management of email configurations that allows the SMTP server credentials to be viewed by an account with editing permission. This could allow a malicious user with access to the administrative...

6.8 AI score
Exploits: 0

IBM Security Bulletins
added 2023/03/29 1:48 a.m., 40 views

Security Bulletin: SNMPv3 server credentials are exposed in log files in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary: SNMPv3 server credentials can be read in plaintext from system logs and audit logs accessible to any authenticated user in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products. Vulnerability Details: CVEID: CVE-2022-43870. DESCRIPTION: IBM Spectrum...

6.5 CVSS, 6.5 AI score, 0.00632 EPSS
Exploits: 0, Affected Software: 13

NVD
added 2023/02/22 6:15 p.m., 25 views

CVE-2022-43870

IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540...

6.5 CVSS, 6.2 AI score, 0.00632 EPSS
Exploits: 0, References: 2

Veracode
added 2023/01/31 12:45 a.m., 50 views

Open Redirect

openshift is vulnerable to Open Redirect. The vulnerability exists in the kube-apiserver, which allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties...

8.2 CVSS, 3.2 AI score, 0.02464 EPSS
Exploits: 1, References: 6, Affected Software: 1

CNNVD
added 2022/09/01 12:0 a.m., 5 views

python-scciclient Trust Management Issue Vulnerability

python-scciclient is a Python ServerView Common Command Interface (SCCI) client library. A security vulnerability in python-scciclient exists because the server's credentials are not validated when establishing an HTTPS connection to the server, allowing an attacker to implement a man-in-the-middle...

7.4 CVSS, 6.9 AI score, 0.00504 EPSS
Exploits: 0, References: 6

CNNVD
added 2022/05/17 12:0 a.m., 4 views

HTC One/Sense Trust Management Issue Vulnerability

HTC One and HTC Sense are both products of HTC International Electronics (HTC), a Chinese company. HTC One is a smartphone. HTC Sense is a user interface for Android and Windows Mobile platforms. A security vulnerability exists in the HTC One/Sense version 4.x, which stems from the email client's...

5.9 CVSS, 6 AI score, 0.00581 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2022/02/15 5:15 p.m., 8 views

CVE-2022-25199

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

8.8 CVSS, 7.3 AI score, 0.00775 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/12/24 12:0 a.m., 6 views

IDEC PLC Security Vulnerability

The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that could allow an attacker to obtain PLC web server user credentials from the communication between the PLC and the software. The following products and versions are affected: FC6A Series MICROSmart...

7.6 CVSS, 7.3 AI score, 0.0039 EPSS
Exploits: 0, References: 7

Prion
added 2021/08/09 9:15 p.m., 12 views

Information disclosure

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials...

4 CVSS, 6.1 AI score, 0.0081 EPSS
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2021/08/05 9:15 p.m., 8 views

DEBIAN-CVE-2021-22923

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...

5.3 CVSS, 6.4 AI score, 0.01843 EPSS
Exploits: 1, References: 1

CNVD
added 2021/05/06 12:0 a.m., 5 views

Motorola MH702 Trust Management Issues Vulnerability

The Motorola MH702 is a router from Motorola USA. A trust management issue vulnerability exists in Motorola MH702x devices prior to version 2.0.0.301, which can be exploited by an attacker to gain access to a communication channel by failing to properly validate server credentials when...

9.8 CVSS, 7 AI score, 0.00565 EPSS
Exploits: 0, References: 1