Lucene search
K

944 matches found

Vulnrichment
Vulnrichment
added 2022/07/06 8:30 p.m.19 views

CVE-2022-20752 Cisco Unified Communications Products Timing Attack Vulnerability

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

5.3CVSS6.7AI score0.00967EPSS
Exploits0References1
OSV
OSV
added 2022/06/24 8:15 a.m.6 views

CVE-2022-31806

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...

9.8CVSS5.8AI score0.01118EPSS
Exploits0References1
NVD
NVD
added 2022/06/24 8:15 a.m.25 views

CVE-2022-31806

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...

9.8CVSS0.01118EPSS
Exploits0References1
Prion
Prion
added 2022/06/24 8:15 a.m.20 views

Design/Logic Flaw

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...

6.8CVSS9.4AI score0.01118EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/06/24 7:46 a.m.32 views

CVE-2022-31806 Insecure default settings in CODESYS Runtime Toolkit 32 bit full and CODESYS PLCWinNT

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...

9.8CVSS9.6AI score0.01118EPSS
Exploits0References1
CVE
CVE
added 2022/06/24 7:46 a.m.81 views

CVE-2022-31806

CVE-2022-31806 affects CODESYS V2 PLCWinNT and Runtime Toolkit 32-bit, prior to version V2.4.7.57, due to insecure/default password protection not enabled and no prompt to enable at login when no password exists. Public sources (CISA ICS advisory ICSA-25-329-05) describe potential consequences as...

9.8CVSS9.6AI score0.01118EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2022/06/24 12:0 a.m.5 views

PT-2022-20946 · 3S Smart Software Solutions · Codesys V2 Plcwinnt +1

Name of the Vulnerable Software and Affected Versions: CODESYS V2 PLCWinNT and Runtime Toolkit 32 versions prior to V2.4.7.57 Description: The issue concerns password protection not being enabled by default. In cases where no password is set at the controller, there is no information or prompt to...

9.8CVSS9.5AI score0.01118EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/23 10:0 a.m.2 views

CVE-2022-31806

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller...

9.8CVSS5.4AI score0.01118EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.5 views

PT-2022-3096 · Omron · Omron Cs Series

Name of the Vulnerable Software and Affected Versions: Omron CS series, CJ series, and CP series PLCs through 2022-05-18 Description: The issue concerns the transmission of confidential information in cleartext, specifically passwords used for the UM Protection setting. This setting allows users ...

7.8CVSS7.7AI score0.00533EPSS
Exploits0References8
CNVD
CNVD
added 2022/06/08 12:0 a.m.29 views

Owl Labs Meeting Owl Licensing Issue Vulnerability (CNVD-2022-64972)

Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Featuring a series of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive, Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to ...

7.4CVSS2.8AI score0.00829EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

Owl Labs Meeting Owl 访问控制错误漏洞

Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Featuring a series of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive, Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to ...

7.4CVSS5.6AI score0.00829EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:56 p.m.33 views

Jenkins Assembla Plugin has Insufficiently Protected Credentials

Assembla Plugin stores the Assembla password unencrypted in its global configuration file jenkins.plugin.assembla.AssemblaProjectProperty.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, ther...

5.5CVSS3.7AI score0.00348EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/24 8:13 a.m.58 views

CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

4.3CVSS3.9AI score0.01015EPSS
Exploits0References1
CVE
CVE
added 2022/05/20 4:0 p.m.82 views

CVE-2022-29163

CVE-2022-29163 affects Nextcloud Server: prior to versions 22.2.6 and 23.0.3, a user could create a link that is not password protected even when admin-required password protection is enforced. A patch exists in 22.2.6 and 23.0.3. No public workarounds are listed. Upgrade to 22.2.6+ or 23.0.3+ to...

4.3CVSS4.2AI score0.01015EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 5:52 a.m.6 views

GHSA-JW8F-Q84G-R3VM phpBB vulnerable to sensitive information disclosure

Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum...

8.7CVSS6.3AI score0.011EPSS
Exploits0References8
Prion
Prion
added 2022/05/16 3:15 p.m.15 views

Improper access control

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integri...

4CVSS5AI score0.01166EPSS
Exploits1References2Affected Software1
Malwarebytes
Malwarebytes
added 2022/05/04 4:0 p.m.19 views

8 security tips for small businesses

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended ...

0.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/26 6:15 p.m.3 views

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

5.5CVSS5.9AI score0.0024EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/04/26 5:49 p.m.28 views

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

5.8AI score0.0024EPSS
Exploits0References3
CVE
CVE
added 2022/04/26 5:49 p.m.60 views

CVE-2022-28218

CipherMail Webmail Messenger versions 1.1.1–4.1.4 are affected by a local-attack vulnerability where secret keys stored in the Roundcube configuration file, used to protect Webmail user passwords and 2FA, can be accessed by an attacker with local access. This exposes confidentiality of credential...

5.5CVSS5.5AI score0.0024EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder