Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
security secret server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-34746
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote malicious user to bypass authentication and log in to an affected device as an administrator. T...
Cisco Enterprise Nfv Infrastructure Software
1 Article
9.8
CVSSv3
CVE-2020-4459
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395.
Ibm Security Secret Server
9.8
CVSSv3
CVE-2019-4640
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
Ibm Security Secret Server
9.8
CVSSv3
CVE-2012-3503
The installation script in Katello 1.0 and previous versions does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote malicious users to authenticate to the CloudForms System Engi...
Theforeman Katello
Redhat Enterprise Linux Server 6.0
9.8
CVSSv3
CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Mit Kerberos 5
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
Fedoraproject Fedora 8
Fedoraproject Fedora 7
9.8
CVSSv3
CVE-2005-1689
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and previous versions allows remote malicious users to execute arbitrary code via certain error conditions.
Mit Kerberos 5
Apple Mac Os X Server
Apple Mac Os X
Debian Debian Linux 3.1
Debian Debian Linux 3.0
9.8
CVSSv3
CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and previous versions may allow remote malicious users to execute arbitrary code.
Mit Kerberos 5
Openpkg Openpkg 2.0
Openpkg Openpkg 2.1
Debian Debian Linux 3.0
9.6
CVSSv3
CVE-2023-40029
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 int...
Linuxfoundation Argo Continuous Delivery
8.8
CVSSv3
CVE-2023-20038
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local malicious user to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static ke...
Cisco Industrial Network Director
8.6
CVSSv3
CVE-2023-51442
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON We...
Navidrome Navidrome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »