Lucene search
K

233 matches found

Cvelist
Cvelist
added 2024/05/08 3:37 p.m.23 views

CVE-2024-28971

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...

3.5CVSS4.1AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2024/05/08 3:37 p.m.52 views

CVE-2024-28971

The CVE-2024-28971 entry corresponds to Dell Update Manager Plugin versions 1.4.0–1.5.0, with a plain-text password storage vulnerability in the log file that could lead to disclosure of user credentials. Multiple connected sources confirm the issue and potential credential exposure; exploitation...

4.9CVSS6.5AI score0.0025EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.8 views

PT-2024-22654 · Dell · Dell Update Manager Plugin

Name of the Vulnerable Software and Affected Versions: Dell Update Manager Plugin versions 1.4.0 through 1.5.0 Description: The issue concerns a Plain-text Password Storage Vulnerability in the log file of the Dell Update Manager Plugin. A remote high privileged attacker could potentially exploit...

4.9CVSS7AI score0.0025EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.5 views

Dell Update Manager Plugin 安全漏洞

Dell Update Manager Plugin is an update management plugin from Dell USA. A security vulnerability exists in Dell Update Manager Plugin versions 1.4.0 through 1.5.0, which stems from a log file containing plain text passwords, resulting in the disclosure of certain user credentials...

4.9CVSS6.6AI score0.0025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:16 a.m.3 views

CVE-2023-51574

Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. T...

9.8CVSS5.8AI score0.01553EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Voltronic Power ViewPower 安全漏洞

Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A security bypass vulnerability exists in Voltronic Power ViewPower that stems from a specific flaw in the updateManagerPassword method, which can be exploited by an attacker to bypass...

9.8CVSS6.8AI score0.01553EPSS
Exploits0References2
OSV
OSV
added 2024/04/01 10:15 p.m.4 views

CVE-2023-51573

Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

9.8CVSS7.4AI score0.45744EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.8 views

The vulnerability of the `updateManagerPassword` method in the software for managing power supply sources of Voltronic Power ViewPower allows a perpetrator to bypass the authentication process and gain unauthorized access to the software.

The vulnerability of the updateManagerPassword method in the software for managing power supply sources of Voltronic Power ViewPower is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...

10CVSS7.7AI score0.01553EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/01/11 12:0 a.m.7 views

The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro allows a intruder to bypass the authentication process and gain unauthorized access to the software.

The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...

10CVSS7.7AI score0.45744EPSS
Exploits0References5
NVD
NVD
added 2022/03/10 5:43 p.m.46 views

CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

7.8CVSS0.00394EPSS
Exploits1References3
OSV
OSV
added 2022/03/10 5:43 p.m.2 views

CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

7.8CVSS5.8AI score0.00394EPSS
Exploits1References3
Prion
Prion
added 2022/03/10 5:43 p.m.17 views

Code injection

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

7.2CVSS7.6AI score0.00394EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.4 views

otris Update Manager 授权问题漏洞

otris Update Manager is used by otris for compliance digitization. A security vulnerability exists in otris Update Manager 1.2.1.0 that allows local users to gain access to SYSTEM via unauthenticated calls and allows remote attacks on HTTP traffic on TCP port 9000 using WsHTTPBinding...

7.8CVSS7.4AI score0.00394EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/03/07 3:41 a.m.21 views

CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

7.8AI score0.00394EPSS
Exploits1References3
CVE
CVE
added 2022/03/07 3:41 a.m.84 views

CVE-2021-40376

CVE-2021-40376 affects otris Update Manager 1.2.1.0. The vulnerability allows local users to obtain SYSTEM privileges by sending unauthenticated calls to exposed interfaces via a .NET named pipe. A remote attack may be possible by abusing WsHTTPBinding for HTTP traffic on TCP port 9000. CVSS data...

7.8CVSS7.5AI score0.00394EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/01/04 4:15 p.m.6 views

CVE-2021-45389

A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864...

9.8CVSS5.7AI score0.01166EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/04 3:40 p.m.13 views

CVE-2021-45389

A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864...

10AI score0.01166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/01/04 12:0 a.m.5 views

PT-2022-12338 · Starwind · Starwind Command Center +1

Name of the Vulnerable Software and Affected Versions: StarWind SAN and NAS build 1578 StarWind Command Center build 6864 Description: A flaw was found with the JWT token, allowing a self-signed JWT token to be injected into the update manager and bypass the authentication process, thus escalatin...

9.8CVSS9.6AI score0.01166EPSS
Exploits0References4
ICS
ICS
added 2021/12/02 12:0 a.m.43 views

Hitachi Energy PCM600 Update Manager

1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Hitachi Energy Equipment: PCM600 Update Manager Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass the certificate validation and install an untrusted software...

6.7CVSS6.5AI score0.00124EPSS
Exploits0References5
OSV
OSV
added 2021/10/28 1:15 p.m.4 views

CVE-2021-22278

A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed...

6.7CVSS6.6AI score0.00124EPSS
Exploits0References2
Rows per page
Query Builder