Lucene search
+L

99 matches found

Cvelist
Cvelist
added 2023/11/03 6:13 p.m.33 views

CVE-2022-44569

A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication...

8.8CVSS7.9AI score0.00761EPSS
Exploits1References1
NVD
NVD
added 2023/08/04 5:15 p.m.41 views

CVE-2023-38688

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...

7.5CVSS7.5AI score0.00427EPSS
Exploits0References3
NVD
NVD
added 2023/06/19 3:15 p.m.16 views

CVE-2023-31410

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security TLS in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...

9.8CVSS9.3AI score0.00302EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 11:50 p.m.29 views

Security Bulletin: IBM Maximo Manage in IBM Maximo Application Suite is vulnerable to Insecure Communication (CVE-2023-27861)

Summary IBM Maximo Manage in IBM Maximo Application Suite is vulnerable to Insecure Communication. Vulnerability Details CVEID:CVE-2023-27861 DESCRIPTION: IBM Maximo Application Suite - Manage Component transmits sensitive information in cleartext that could be intercepted by an attacker using ma...

5.9CVSS5.6AI score0.00338EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/03/06 11:15 a.m.33 views

Design/Logic Flaw

Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0...

5CVSS7.5AI score0.00672EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/01/09 7:45 p.m.86 views

GHSA-89QM-WCMW-3MGG Gitops Run insecure communication

Impact GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local s3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information...

7.3CVSS6.6AI score0.00239EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/09 1:1 p.m.8 views

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3CVSS7.6AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/09 1:1 p.m.38 views

CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...

7.3CVSS8.1AI score0.00239EPSS
Exploits0References3
CNVD
CNVD
added 2022/01/10 12:0 a.m.41 views

Kalkitech Sync Products Encryption Issue Vulnerability

Kalkitech Sync Products is a range of substation gateways from Kalkitech India. Kalkitech Sync Products suffers from an encryption issue vulnerability that stems from the use of an insecure communication channel by the management tools Easyconnect and SYNC devices, which can be exploited by an...

8.1CVSS8AI score0.00916EPSS
Exploits0References1
Prion
Prion
added 2021/12/30 10:15 p.m.15 views

Default configuration

Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be transmitted in cleartext...

7.2CVSS6.5AI score0.00173EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/12/15 8:15 p.m.11 views

CVE-2021-29847

BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...

5.9CVSS0.0099EPSS
Exploits0References2
Prion
Prion
added 2021/12/15 8:15 p.m.21 views

Default configuration

BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...

4.3CVSS5.2AI score0.0099EPSS
Exploits0References2Affected Software5
CVE
CVE
added 2021/12/15 5:5 p.m.39 views

CVE-2021-29847

CVE-2021-29847 affects IBM Power System BMC/firmware on POWER8 OP825 family (S821LC 8001-12C, OP825.50). The issue arises from a configuration change that allows an authenticated user to open an insecure communication channel, enabling an attacker to obtain sensitive information via a man-in-the-...

5.9CVSS5.2AI score0.0099EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/12/15 5:5 p.m.13 views

CVE-2021-29847

BMC firmware IBM Power System S821LC Server 8001-12C OP825.50 configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267...

5.3CVSS5.4AI score0.0099EPSS
Exploits0References2
Fortinet
Fortinet
added 2021/07/07 12:0 a.m.42 views

FSSO Windows DC Agent [FSSO] Insecure communication between DC agent and Collector

An improper authentication vulnerability CWE-287 in FSSO Collector may allow an unauthenticated user to bypass any firewall authentication rule and access the protected network via sending specifically crafted UDP login notification packets...

5.8CVSS9.1AI score0.01031EPSS
Exploits0Affected Software2
NVD
NVD
added 2021/06/09 4:15 p.m.13 views

CVE-2020-15387

The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7.4.2h, v8.2.1c, v8.2.2, v9.0.0, and Brocade SANnav before v2.1.1 utilize keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications...

7.4CVSS0.00491EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2017:0426-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.3AI score0.33199EPSS
Exploits16References14
CNVD
CNVD
added 2021/05/06 12:0 a.m.6 views

IBM QRadar SIEM Arbitrary Command Execution Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...

9.8CVSS6.9AI score0.01604EPSS
Exploits0References1
Prion
Prion
added 2021/05/05 4:15 p.m.21 views

Code injection

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538...

7.5CVSS9.2AI score0.01604EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/05 3:45 p.m.50 views

CVE-2020-4979

CVE-2020-4979 affects IBM QRadar SIEM 7.3.x and 7.4.x, where insecure inter‑deployment communication can enable an attacker who can compromise or spoof traffic between hosts to execute arbitrary commands. Root cause is insecure inter‑deployment communications between QRadar components. Impact is ...

9.8CVSS9.3AI score0.01604EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder