944 matches found
CVE-2022-20752 Cisco Unified Communications Products Timing Attack Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...
CVE-2022-31806
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
Design/Logic Flaw
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
CVE-2022-31806 Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...
CVE-2022-31806
CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit prior to version V2.4.7.57: password protection is not enabled by default, and there is no prompt to enable it at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...
PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt +1
Name of the Vulnerable Software and Affected Versions: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57. Description: The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to...
PT-2022-3096 · Omron · Omron Cs Series
Name of the Vulnerable Software and Affected Versions: Omron CS series, CJ series, and CP series PLCs through 2022-05-18. Description: The issue concerns the transmission of confidential information in cleartext, specifically passwords used for the UM Protection setting. This setting allows users ...
Owl Labs Meeting Owl Licensing Issue Vulnerability (CNVD-2022-64972)
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Featuring a series of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive, Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to ...
Owl Labs Meeting Owl Access Control Error Vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Featuring a series of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive, Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to ...
Jenkins Assembla Plugin has Insufficiently Protected Credentials
Assembla Plugin stores the Assembla password unencrypted in its global configuration file jenkins.plugin.assembla.AssemblaProjectProperty.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, ther...
CVE-2022-29163
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-29163
CVE-2022-29163 affects Nextcloud Server: prior to versions 22.2.6 and 23.0.3, a user could create a link that is not password protected even when admin-required password protection is enforced. A patch exists in 22.2.6 and 23.0.3. No public workarounds are listed. Upgrade to 22.2.6+ or 23.0.3+ to...
GHSA-JW8F-Q84G-R3VM phpBB vulnerable to sensitive information disclosure
Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...
Improper access control
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended ...
CVE-2022-28218
An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication (2FA)...
CVE-2022-28218
CipherMail Webmail Messenger versions 1.1.1–4.1.4 are affected by a local-attack vulnerability where secret keys stored in the Roundcube configuration file, used to protect Webmail user passwords and 2FA, can be accessed by an attacker with local access. This exposes confidentiality of credential...