Lucene search
K

93 matches found

CNNVD
CNNVD
added 2024/05/17 12:0 a.m.7 views

HCL BigFix Platform 安全漏洞

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that stems from the...

6.7CVSS6.7AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.6 views

PT-2024-19948

Name of the Vulnerable Software and Affected Versions Client Deploy Tool affected versions not specified Description An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Recommendations At the moment...

6.7CVSS6.5AI score0.00157EPSS
Exploits0References5
OSV
OSV
added 2024/05/14 2:57 p.m.1 views

CVE-2024-22345

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

IBM TXSeries for Multiplatforms 安全漏洞

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines IBM designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 8.2 that...

7.5CVSS6.8AI score0.00521EPSS
Exploits0References3
NVD
NVD
added 2023/12/12 12:15 p.m.26 views

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

9.8CVSS0.00383EPSS
Exploits0References1
OSV
OSV
added 2023/12/12 12:15 p.m.4 views

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

9.8CVSS5.7AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/12 11:27 a.m.27 views

CVE-2023-48427

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

8.1CVSS9.4AI score0.00383EPSS
Exploits0References1
CVE
CVE
added 2023/12/12 11:27 a.m.47 views

CVE-2023-48427

Siemens SINEC INS (all versions

9.8CVSS7.3AI score0.00383EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2023/12/12 12:0 a.m.51 views

Siemens SINEC INS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS7.8AI score0.03658EPSS
Exploits1References12
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.7 views

Siemens SINEC INS 信任管理问题漏洞

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from a Certificate Validation Improperity...

9.8CVSS7AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.5 views

PT-2023-29497 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue concerns the use of the HTTP protocol instead of HTTPS to retrieve sensitive information, including IP addresses and credentials for a remote MQTT broker entity...

8.8CVSS8.5AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/27 12:0 a.m.5 views

CVE-2022-36182

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...

6.2AI score0.00538EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.5 views

Hashicorp Boundary 安全漏洞

HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates identity-based secure user access to hosts and services across environments. A security vulnerability exists in versions of Hashicorp Boundary prior to 0.9.1, which can be exploited by an attacker to...

6.1CVSS6.3AI score0.00538EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.7 views

The vulnerability of the microprogrammed software of Modicon M241 and Modicon M251 control units lies in the insufficient protection of registration data, allowing attackers to intercept login credentials and access the web application.

The vulnerability of the microprogrammed logic controllers Modicon M241 and Modicon M251 is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to intercept login credentials and gain access to the web application...

7.8CVSS7.8AI score0.0225EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2022/02/09 11:15 p.m.6 views

CVE-2022-0162

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perfo...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.7 views

Tp-link TL-WR841N 安全漏洞

The Tp-link TL-WR841N is a wireless router from China P&L Tp-link. The Tp-link TL-WR841N is vulnerable to a trust management issue, which can be exploited by a remote attacker to intercept credentials and subsequently perform management operations on an affected device via the web-based managemen...

9.8CVSS5.7AI score0.0067EPSS
Exploits0References2
OSV
OSV
added 2022/02/04 2:15 a.m.6 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.5CVSS5.8AI score0.03798EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/04 1:33 a.m.26 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.9AI score0.03798EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.7 views

TotoLink X5000R 授权问题漏洞

The TotoLink X5000R is a router from China's Gion Electronics TotoLink. The TOTOLINK X5000R v9.1.0u.6118B20201102 suffers from an authorization issue vulnerability that allows attackers to intercept user credentials via packet capture software...

7.5CVSS7.4AI score0.03798EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2021/08/18 9:54 a.m.3 views

activemq: improper authentication allows MITM attack

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS7.3AI score0.04561EPSS
Exploits0References4
Rows per page
Query Builder