254 matches found
Moderate: Red Hat Security Advisory: rh-mariadb105-galera and rh-mariadb105-mariadb security and bugfix update
An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ABB REX640 Incorrect Permission Assignment for Critical Resource (CVE-2022-1596)
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. - Incorrect Permission Assignment for Critical...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Default credentials
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
CVE-2022-34174
CVE-2022-34174 affects Jenkins 2.355 and earlier (and LTS 2.332.3 and earlier) where an observable timing discrepancy on the login form can distinguish between login attempts with an invalid username versus a valid username and wrong password when using the Jenkins user database security realm; t...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Code injection
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...
CVE-2022-1596 ABB Relion REX640 Insufficient file access control
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...
ABB REX640 安全漏洞
The ABB REX640 is an all-in-one protection relay from ABB Switzerland. It is suitable for various advanced power distribution scenarios. ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 A security vulnerability exists in the ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 A security vulnerability, which stems...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
GHSA-37WM-28RM-56VW Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name...
Cross-Site Request Forgery in Jenkins
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in th...
PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...
PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believ...
CVE-2019-14477
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted...
AdRem NetCrunch Trust Management Issues Vulnerability
Adrem Netcrunch is a device monitoring software from the American company Adrem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. AdRem NetCrunch 10.6.0.4587 suffers from a Trust Management Issue...
Image stock site 123RF hacked; 8.3M user database leaked
By Waqas According to our analysis, 123RF suffered a data breach earlier this year in March and leaked on a hacker forum on November 8th. This is a post from HackRead.com Read the original post: Image stock site 123RF hacked; 8.3M user database leaked...