Lucene search
K

17 matches found

OSV
OSV
added 2026/03/02 7:52 p.m.7 views

GHSA-MPP2-X7WV-38HV NocoDB has Plaintext Storage of Shared View Passwords

Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. Details The password column in ncviews stored unhashed passwords. Verification used !== comparison across public-datas.service.ts, public-metas.service.ts, and...

6.9CVSS5.9AI score0.00194EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/02 7:52 p.m.5 views

NocoDB has Plaintext Storage of Shared View Passwords

Summary Shared view passwords were stored in plaintext in the database and compared using direct string equality. Details The password column in ncviews stored unhashed passwords. Verification used !== comparison across public-datas.service.ts, public-metas.service.ts, and...

6.9CVSS5.9AI score0.00194EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-7958

Malware in sbrugna...

4CVSS7.3AI score0.01692EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43407

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.0051EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.2 views

SUSE CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog...

4CVSS6.5AI score0.01692EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2019/05/22 1:16 p.m.102 views

Google Stored G Suite Passwords in Plaintext Since 2005

Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...

7.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2019/05/22 7:49 a.m.1 views

Google Stored G Suite Users' Passwords in Plain-Text for 14 Years

After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users' passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that it...

6.6AI score
Exploits0
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.22 views

Amazon Linux: Security Advisory (ALAS-2015-501)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02108EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/04/02 12:0 a.m.27 views

Amazon Linux AMI : 389-ds-base (ALAS-2015-501)

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS7AI score0.02108EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.36 views

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20150305)

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS7AI score0.02108EPSS
Exploits0References3
OSV
OSV
added 2015/03/14 6:44 p.m.9 views

MGASA-2015-0108 Updated 389-ds-base packages fix security vulnerabilities

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive...

5CVSS5.6AI score0.02108EPSS
Exploits0References3
OSV
OSV
added 2015/03/10 2:59 p.m.1 views

DEBIAN-CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog...

4CVSS7AI score0.01692EPSS
Exploits0References1
OSV
OSV
added 2015/03/10 2:59 p.m.7 views

CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog...

5.5AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2015/03/10 2:59 p.m.22 views

CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog...

4CVSS7.1AI score0.01692EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/03/10 2:0 p.m.24 views

CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog...

5.5AI score0.01692EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/03/06 12:0 a.m.24 views

RedHat Update for 389-ds-base RHSA-2015:0416-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.02108EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/03/05 9:26 a.m.2 views

389-ds-base: password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off

It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to "off", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information...

4CVSS5.7AI score0.01692EPSS
Exploits0References4
Rows per page
Query Builder