66 matches found
CVE-2024-43382
Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...
CVE-2024-35161
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4...
PT-2024-20775
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-mongo versions prior to 4.0.0 Description The issue arises when SSL is enabled for the Mongo Hook, and the default settings include allow insecure, which causes certificates not to be validated. This behavior is...
PT-2023-5131 · Microsoft · Windows Mshtml Platform +2
Name of the Vulnerable Software and Affected Versions: Windows MSHTML Platform affected versions not specified Description: The issue is related to errors in security settings, allowing an attacker to bypass existing security restrictions. This can enable attackers to affect the system. There is ...
PT-2023-3815 · Microsoft · Windows Remote Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Remote Desktop Client affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass existing security restrictions. This can potentially affect the...
CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
Moodle Session Fixation vulnerability
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks...
PT-2022-1968 · Microsoft · Windows Mshtml Platform +1
Name of the Vulnerable Software and Affected Versions: Windows HTML Platforms affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to disclose protected information. It is a security-feature bypass vulnerability that affects...
Netgear NETGEAR 安全漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...
Netgear NETGEAR 安全漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...
Netgear NETGEAR 安全漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR devices that stems from a security setting error. The following products and versions are affected...
PT-2021-2065 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to a security feature bypass vulnerability. It may allow a remote attacker to execute arbitrary code or gain unauthorized access to protected...
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements aka requirepasswordconfirmation to provide the previous password when changing a password...
Microsoft Windows: Get RSOP_SecuritySettings
The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive. Instances of this class are not logged. This class was added for Windows XP. The RSOPSecuritySettingNumeric WMI class represents the numeric security setting for an account policy. Account...
sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restricti...
CVE-2017-18756
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32,...
Siemens Polarion Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Description Siemens Polarion is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
CVE-2018-1680
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236...
Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system.(CVE-2018-1524)
Summary IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. Vulnerability Details CVEID: CVE-2018-1524 DESCRIPTION: IBM Maximo Asset...