Privilege escalation
Insufficiently protected credentials for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access...
CVE-2022-26844
Insufficiently protected credentials in the installation binaries for Intel® SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709) (remote check)
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following: - Insufficiently protected credentials for Intel® AMT and Intel® Standard...
Intel Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00709)
Binary data wmiINTEL-SA-00709.nbin...
Intel® AMT and Intel® Standard Manageability Advisory
Summary: Potential security vulnerabilities in the Intel® Active Management Technology (AMT) and Intel® Standard Manageability may allow escalation of privilege or information disclosure. Intel is releasing prescriptive guidance to mitigate these potential vulnerabilities. Vulnerability Details:...
Debian DSA-5197-1 : curl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5197 advisory. Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information,...
Design/Logic Flaw
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888...
CVE-2022-33169
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2128)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2153)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...
CVE-2021-22640 Ovarro TBox Insufficiently Protected Credentials
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
AlmaLinux 8 : curl (5313) (ALSA-2022:5313)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5313 advisory. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without...
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2022-2087)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2022-2107)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
Rocky Linux 8 : curl (RLSA-2022:5313)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5313 advisory. - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections withou...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-1991)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections...
Oracle Linux 9 : curl (ELSA-2022-5245)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5245 advisory. - fix too eager reuse of TLS and SSH connections CVE-2022-27782 - fix leak of SRP credentials in redirects CVE-2022-27774 - fix credential leak on...
Oracle Linux 8 : curl (ELSA-2022-5313)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5313 advisory. - fix too eager reuse of TLS and SSH connections CVE-2022-27782 - fix credential leak on redirect CVE-2022-27774 - fix auth/cookie leak on redirect...
Secheron SEPCOS Control and Protection Relay
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Secheron Equipment: SEPCOS Control and Protection Relay Vulnerabilities: Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management,...