99 matches found
CVE-2022-44569
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication...
CVE-2023-38688
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...
CVE-2023-31410
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security TLS in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...
Security Bulletin: IBM Maximo Manage in IBM Maximo Application Suite is vulnerable to Insecure Communication (CVE-2023-27861)
Summary IBM Maximo Manage in IBM Maximo Application Suite is vulnerable to Insecure Communication. Vulnerability Details CVEID:CVE-2023-27861 DESCRIPTION: IBM Maximo Application Suite - Manage Component transmits sensitive information in cleartext that could be intercepted by an attacker using ma...
Design/Logic Flaw
Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0...
GHSA-89QM-WCMW-3MGG Gitops Run insecure communication
Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
Kalkitech Sync Products Encryption Issue Vulnerability
Kalkitech Sync Products is a range of substation gateways from Kalkitech India. Kalkitech Sync Products suffers from an encryption issue vulnerability that stems from the use of an insecure communication channel by the management tools Easyconnect and SYNC devices, which can be exploited by an...
Default configuration
Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be transmitted in cleartext...
CVE-2021-29847
BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...
Default configuration
BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...
CVE-2021-29847
CVE-2021-29847 affects IBM Power System BMC/firmware on POWER8 OP825 family (S821LC 8001-12C, OP825.50). The issue arises from a configuration change that allows an authenticated user to open an insecure communication channel, enabling an attacker to obtain sensitive information via a man-in-the-...
CVE-2021-29847
BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...
FSSO Windows DC Agent [FSSO] Insecure communication between DC agent and Collector
An improper authentication vulnerability CWE-287 in FSSO Collector may allow an unauthenticated user to bypass any firewall authentication rule and access the protected network via sending specifically crafted UDP login notification packets...
CVE-2020-15387
The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications...
SUSE: Security Advisory (SUSE-SU-2017:0426-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IBM QRadar SIEM Arbitrary Command Execution Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...
Code injection
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538...
CVE-2020-4979
CVE-2020-4979 affects IBM QRadar SIEM 7.3.x and 7.4.x, where insecure inter‑deployment communication can enable an attacker who can compromise or spoof traffic between hosts to execute arbitrary commands. Root cause is insecure inter‑deployment communications between QRadar components. Impact is ...