5119 matches found
CVE-2022-2324
SonicWall Hosted Email Security (HES) is affected. Versions prior to 10.0.17.7319 contain an improperly implemented security check in the Capture ATP feature, enabling bypass of the Capture ATP security service. The issue could be exploited by an unauthenticated attacker to bypass security contro...
CVE-2022-2324
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions...
PT-2022-15915 · Sonicwall · Sonicwall Hosted Email Security
Name of the Vulnerable Software and Affected Versions: SonicWall Hosted Email Security versions prior to 10.0.17.7319 Description: The issue is related to an improperly implemented security check in the SonicWall Hosted Email Security, which allows for the bypass of the Capture ATP security servi...
CVE-2021-22640
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
Information disclosure
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
CVE-2021-22640
CVE-2021-22640 affects Ovarro TBox RTUs (LT2, MS-CPU32, MS-CPU32-S2, RM2, TG2) and pre-12.4/TWinSoft firmware ≤ 1.46. It discloses credentials: login passwords can be decrypted via network traffic capture and brute force attempts. ICS Advisory ICSA-21-054-04 confirms remote/exploit potential and ...
Missing permission check in Coverity Plugin allows capturing credentials
Coverity Plugin 1.11.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-99MQ-HW5M-GWJJ Missing permission check in Coverity Plugin allows capturing credentials
Coverity Plugin 1.11.4 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-36920
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-36921
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2022-4022 · Jenkins · Jenkins Coverity Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.11.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Coverity Plugin, which can be exploited by attackers with Overall/Read permission to connect to an...
ab4yss-wr4iteups
ab4yss-wr4iteups Hi,...
Apple macOS Monterey Buffer Error Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey suffers from a buffer error vulnerability that stems from an application's ability to capture a user's screen...
Apple macOS Monterey and Big Sur Permissions and Access Control Vulnerability
Apple macOS Big Sur and Apple macOS Monterey are products of Apple Inc. Apple macOS Big Sur is the 17th major release of Apple's macOS operating system for the Mac. Apple macOS Monterey is the 18th major release of Apple's macOS desktop operating system for the Mac. Apple macOS Monterey is the 18...
PT-2022-21520 · Apple · Macos Monterey +2
Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.6.8 macOS Monterey versions prior to 12.5 Description: A logic issue was addressed with improved checks, which may have allowed an app to capture a user's screen. Recommendations: For macOS Big Sur versions...
Koh - The Token Stealer
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project (no license), as well as KB180548. For why this is possible and Koh's approach, see t...