939 matches found
CVE-2022-44020
CVE-2022-44020 affects OpenStack Sushy-Tools up to 0.21.0 and VirtualBMC up to 2.2.2. The issue occurs when changing the boot device configuration, which removes password protection from the managed libvirt XML domain. This risk is disclosed as affecting an "unsupported, production-like configura...
CVE-2022-44020
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...
PT-2022-27083 · Openstack · Openstack Sushy-Tools
Name of the Vulnerable Software and Affected Versions: OpenStack Sushy-Tools versions 0.21.0 and earlier; VirtualBMC versions 2.2.2 and earlier. Description: An issue was discovered where changing the boot device configuration with the affected packages removes password protection from the managed...
CVE-2022-44020
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...
Brave Android 1.45.113 Security Fixes
Added additional password protection for Brave Wallet show private key. Upgraded Chromium to 107.0.5304.62 — refer to Google Chrome advisories for inherited CVEs...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
InfoZip UnZip Buffer Overflow (CVE-2018-1000035)
A heap buffer overflow vulnerability exists in InfoZip UnZip. The vulnerability is due to insufficient handling of password protected zip files. A remote attacker can exploit this vulnerability by enticing a target user into extracting a maliciously crafted zip file...
CVE-2022-30312
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller (IC) protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
PT-2022-7467 · Unknown · Masterscada
Name of the Vulnerable Software and Affected Versions: MasterSCADA (affected versions not specified). Description: The issue is related to weaknesses in the password protection mechanism of the project file in the MasterSCADA system. Exploitation of this issue could allow an attacker to gain...
Design/Logic Flaw
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
CVE-2022-35932 Missing rate limit when trying to join a password protected Nextcloud Talk conversation
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
Intel® AMT and Intel® Standard Manageability Advisory
Summary: Potential security vulnerabilities in the Intel® Active Management Technology (AMT) and Intel® Standard Manageability may allow escalation of privilege or information disclosure. Intel is releasing prescriptive guidance to mitigate these potential vulnerabilities. Vulnerability Details:...
Missing rate limit when trying to join a password protected Nextcloud Talk conversation
None...
CISA and ACSC Release Top 2021 Malware Strains
CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been...
CVE-2022-20752
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...
CVE-2022-20752 Cisco Unified Communications Products Timing Attack Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...
CVE-2022-31806
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57, password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
CVE-2022-31806
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57, password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
Design/Logic Flaw
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57, password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
CVE-2022-31806
CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit prior to version V2.4.7.57: password protection is not enabled by default, and there is no prompt to enable it at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...