CVE-2023-25740

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-522
View all →

Vulnerability Description

After downloading a Windows <code>.scf</code> script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.

Related Vulnerabilities

CVE-2016-9593

HIGH
CVSS:8.8(High)

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...

CWE-5222016

CVE-2017-15656

HIGH
CVSS:8.8(High)

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

CWE-5222017

CVE-2017-7547

HIGH
CVSS:8.8(High)

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by ...

CWE-5222017

CVE-2018-1000610

HIGH
CVSS:8.8(High)

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionCo...

CWE-5222018

CVE-2018-10286

HIGH
CVSS:8.8(High)

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certai...

CWE-5222018

CVE-2018-4190

HIGH
CVSS:8.8(High)

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected....

CWE-5222018