5122 matches found
CVE-2024-31905 IBM QRadar Network Packet Capture information disclosure
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
CVE-2024-31905
IBM QRadar Network Packet Capture 7.5 is affected by CVE-2024-31905 due to failure to properly enable HTTP Strict Transport Security, enabling man-in-the-middle–style access to sensitive information. The issue is network-exploitable (AV:N, AC:H, PR:N, UI:N, S:U) with confidentiality impact HIGH a...
IBM QRadar Network Packet Capture security vulnerability
IBM QRadar Network Packet Capture is an optional QRadar appliance from International Business Machines (IBM) that can be used to store and manage data when no other network packet capture is available. A security vulnerability exists in IBM QRadar Network Packet Capture version 7.5 that stems from ...
CVE-2024-7408
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...
The vulnerability of the Screen Capture function in browsers such as Google Chrome and Microsoft Edge allows a malicious actor to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Screen Capture function in Google Chrome and Microsoft Edge browsers is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, o...
CVE-2024-38890
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks...
CVE-2024-38890
CVE-2024-38890 affects Horizon Business Services Inc. Caterease Software versions 16.0.1.1663 through 24.0.1.2405 (potentially later) and enables a local attacker to bypass authentication via a capture-replay attack due to insufficient protection against capture-replay. The Red Hat, NVD, CVE reco...
PT-2024-28262 · Horizon Business Services Inc. · Caterease
Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease Software versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against...
Meta to pay $1.4 billion over unauthorized facial recognition image capture
Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.” The prime reason for the initial lawsuit that led to the...
Dahua ASI7213X-T1 Authentication Bypass By Capture-Replay (CVE-2022-30563)
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Dahua ASI7213X-T1 Authentication Bypass By Capture-Replay (CVE-2022-30561)
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...
Dahua Security Cameras Missing Authentication for Critical Function (CVE-2019-3948)
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R a...
CVE-2024-41670
In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...
CVE-2024-41670 PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard
In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...
CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...
Google Chrome < 126.0.6367.182 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182...