Lucene search

5122 matches found

Vulnrichment
added 2024/08/15 4:56 p.m. · 13 views

CVE-2024-31905 IBM QRadar Network Packet Capture information disclosure

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9 CVSS · 6 AI score · 0.00303 EPSS
Exploits 0 · References 1

Cvelist
added 2024/08/15 4:56 p.m. · 19 views

CVE-2024-31905 IBM QRadar Network Packet Capture information disclosure

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

5.9 CVSS · 0.00303 EPSS
Exploits 0 · References 1

CVE
added 2024/08/15 4:56 p.m. · 60 views

CVE-2024-31905

IBM QRadar Network Packet Capture 7.5 is affected by CVE-2024-31905 due to failure to properly enable HTTP Strict Transport Security, enabling man-in-the-middle–style access to sensitive information. The issue is network-exploitable (AV:N, AC:H, PR:N, UI:N, S:U) with confidentiality impact HIGH a...

5.9 CVSS · 6 AI score · 0.00303 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/15 12:0 a.m. · 3 views

IBM QRadar Network Packet Capture security vulnerability

IBM QRadar Network Packet Capture is an optional QRadar appliance from International Business Machines (IBM) that can be used to store and manage data when no other network packet capture is available. A security vulnerability exists in IBM QRadar Network Packet Capture version 7.5 that stems from ...

5.9 CVSS · 6.3 AI score · 0.00303 EPSS
Exploits 0 · References 4

OSV
added 2024/08/12 1:38 p.m. · 4 views

CVE-2024-7408

This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this...

6.5 CVSS · 5.8 AI score · 0.00255 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2024/08/09 12:0 a.m. · 6 views

The vulnerability of the Screen Capture function in browsers such as Google Chrome and Microsoft Edge allows a malicious actor to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the Screen Capture function in Google Chrome and Microsoft Edge browsers is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information, execute arbitrary code, o...

10 CVSS · 5.8 AI score · 0.00473 EPSS
Exploits 1 · References 9 · Affected Software 6

OSV
added 2024/08/02 3:16 p.m. · 2 views

CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks...

8.4 CVSS · 5.8 AI score · 0.00214 EPSS
Exploits 0 · References 2

NVD
added 2024/08/02 3:16 p.m. · 23 views

CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks...

8.4 CVSS · 0.00214 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/08/02 12:0 a.m. · 11 views

CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks...

7 AI score · 0.00214 EPSS
Exploits 0 · References 2

Cvelist
added 2024/08/02 12:0 a.m. · 39 views

CVE-2024-38890

An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks...

0.00214 EPSS
Exploits 0 · References 2

CVE
added 2024/08/02 12:0 a.m. · 30 views

CVE-2024-38890

CVE-2024-38890 affects Horizon Business Services Inc. Caterease Software versions 16.0.1.1663 through 24.0.1.2405 (potentially later) and enables a local attacker to bypass authentication via a capture-replay attack due to insufficient protection against capture-replay. The Red Hat, NVD, CVE reco...

8.4 CVSS · 6.8 AI score · 0.00214 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/08/02 12:0 a.m. · 4 views

PT-2024-28262 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease Software versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against...

8.4 CVSS · 6.4 AI score · 0.00214 EPSS
Exploits 0 · References 7

Malwarebytes
added 2024/07/31 4:7 p.m. · 13 views

Meta to pay $1.4 billion over unauthorized facial recognition image capture

Texas Attorney General Ken Paxton has announced a $1.4 billion settlement with Meta to “stop the company’s practice of capturing and using the personal biometric data of millions of Texans without the authorization required by law.” The prime reason for the initial lawsuit that led to the...

7.1 AI score
Exploits 0

Tenable Nessus
added 2024/07/29 12:0 a.m. · 33 views

Dahua ASI7213X-T1 Authentication Bypass By Capture-Replay (CVE-2022-30563)

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.4 CVSS · 7.3 AI score · 0.00856 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2024/07/29 12:0 a.m. · 11 views

Dahua ASI7213X-T1 Authentication Bypass By Capture-Replay (CVE-2022-30561)

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more informatio...

5.9 CVSS · 6.2 AI score · 0.00701 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/07/29 12:0 a.m. · 24 views

Dahua Security Cameras Missing Authentication for Critical Function (CVE-2019-3948)

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R a...

7.5 CVSS · 7.2 AI score · 0.26697 EPSS
Exploits 5 · References 5

NVD
added 2024/07/26 3:15 p.m. · 13 views

CVE-2024-41670

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...

7.5 CVSS · 0.00388 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/26 2:46 p.m. · 17 views

CVE-2024-41670 PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...

7.5 CVSS · 7.4 AI score · 0.00388 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/07/26 11:34 a.m. · 28 views

CVE-2024-41684 Cookie Without Secure Flag Set Vulnerability

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to missing secure flag for the session cookies associated with the router's web management interface. An attacker with remote access could exploit this by intercepting transmission within an HTTP session on the vulnerable system...

6.9 CVSS · 6.9 AI score · 0.00207 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/07/23 12:0 a.m. · 27 views

Google Chrome < 126.0.6367.182 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 126.0.6367.182. It is, therefore, affected by multiple vulnerabilities as referenced in the 202407stable-channel-update-for-desktop advisory. - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182...

9.6 CVSS · 7.7 AI score · 0.00781 EPSS
Exploits 10 · References 17