Lucene search
+L

66 matches found

Cvelist
Cvelist
added 2024/10/30 12:0 a.m.27 views

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/09/09 6:41 a.m.24 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...

7.5CVSS7AI score0.0097EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-20775

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-mongo versions prior to 4.0.0 Description The issue arises when SSL is enabled for the Mongo Hook, and the default settings include allow insecure, which causes certificates not to be validated. This behavior is...

9.1CVSS7.2AI score0.0062EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.4 views

PT-2023-5131 · Microsoft · Windows Mshtml Platform +2

Name of the Vulnerable Software and Affected Versions: Windows MSHTML Platform affected versions not specified Description: The issue is related to errors in security settings, allowing an attacker to bypass existing security restrictions. This can enable attackers to affect the system. There is ...

7CVSS9.4AI score0.02252EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/07/11 12:0 a.m.5 views

PT-2023-3815 · Microsoft · Windows Remote Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Client affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. This can potentially affect the...

7.1CVSS9.3AI score0.00508EPSS
Exploits0References7
NVD
NVD
added 2022/11/25 12:15 a.m.31 views

CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

6.5CVSS0.00611EPSS
Exploits0References3
OSV
OSV
added 2022/11/25 12:15 a.m.7 views

CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

6.5CVSS5.7AI score0.00611EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:13 a.m.10 views

Moodle Session Fixation vulnerability

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks...

6.8CVSS6.7AI score0.0181EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.5 views

PT-2022-1968 · Microsoft · Windows Mshtml Platform +1

Name of the Vulnerable Software and Affected Versions: Windows HTML Platforms affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to disclose protected information. It is a security-feature bypass vulnerability that affects...

7.1CVSS5.4AI score0.33063EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/12/26 12:0 a.m.11 views

Netgear NETGEAR 安全漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...

7.2CVSS7AI score0.00624EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/26 12:0 a.m.4 views

Netgear NETGEAR 安全漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...

8.2CVSS6.5AI score0.00481EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/26 12:0 a.m.5 views

Netgear NETGEAR 安全漏洞

Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...

9.8CVSS8.2AI score0.01079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/02/04 12:0 a.m.5 views

PT-2021-2065 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to a security feature bypass vulnerability. It may allow a remote attacker to execute arbitrary code or gain unauthorized access to protected...

6.4CVSS6AI score0.01332EPSS
Exploits0References9
Cvelist
Cvelist
added 2021/01/19 3:30 p.m.28 views

CVE-2021-25323

The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...

9.4AI score0.01312EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/25 12:0 a.m.36 views

Microsoft Windows: Get RSOP_SecuritySettings

The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive. Instances of this class are not logged. This class was added for Windows XP. The RSOPSecuritySettingNumeric WMI class represents the numeric security setting for an account policy. Account...

7.5AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/04/28 3:48 p.m.5 views

sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user

It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restricti...

7.5CVSS7.1AI score0.03295EPSS
Exploits0References5
OSV
OSV
added 2020/04/22 5:15 p.m.3 views

CVE-2017-18756

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32,...

8.8CVSS5.8AI score0.00547EPSS
Exploits0References1
Symantec
Symantec
added 2019/11/25 12:0 a.m.36 views

Siemens Polarion Multiple Cross Site Scripting and HTML Injection Vulnerabilities

Description Siemens Polarion is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...

0.5AI score
Exploits0References1Affected Software2
OSV
OSV
added 2019/04/02 2:29 p.m.4 views

CVE-2018-1680

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236...

7.5CVSS5.8AI score0.01484EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/31 4:5 p.m.34 views

Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system.(CVE-2018-1524)

Summary IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. Vulnerability Details CVEID: CVE-2018-1524 DESCRIPTION: IBM Maximo Asset...

9CVSS0.3AI score0.01873EPSS
Exploits0Affected Software8
Rows per page
Query Builder