18 matches found
CVE-2022-27609
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it...
PT-2025-49499
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The encryption algorithms within the kernel’s virt/coco/sev-guest component directly read from and write to shared unencrypted memory. This practice could potentially expose information...
EUVD-2022-32110
Malicious code in bioql PyPI...
EUVD-2024-20961
Malicious code in bioql PyPI...
CVE-2023-21414
NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering commonly known as Secure Boot contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AX...
CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...
CVE-2023-28806 Signature validation error in DLL allows disabling anti-tampering protection
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...
CVE-2024-23463
CVE-2024-23463 affects Zscaler Client Connector on Windows prior to 4.2.1. The anti-tampering protection can be bypassed when using the Repair App functionality, per connected sources (e.g., PT-2024-19886 and RH/CVE-2024-23463). Root cause is bypass of the built-in tamper protection during Repair...
PT-2024-19886 · Zscaler · Zscaler Client Connector
Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.1 Description: The anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Recommendations: For versions prio...
CVE-2023-5553
During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...
PT-2023-18185 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A flaw has been discovered in the protection for device tampering, commonly known as Secure Boot, which provides an opportunity for a sophisticated attack to bypass this protection. The iss...
CakePHP SecurityComponent cross form submission issue
Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues...
PT-2023-33038 · Unknown · Securitycomponent
Name of the Vulnerable Software and Affected Versions: Software versions prior to 2.4.8 and 1.3.18 Description: The issue allows forms secured by SecurityComponent to be submitted to any action without triggering the tampering protection. This could lead to mass assignment issues in applications...
CVE-2022-27609
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it...
CVE-2022-27609
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it...
Design/Logic Flaw
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it...
CVE-2019-1040
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC Message Integrity Check protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features. To exploit...
MGASA-2015-0064 Updated owasp-esapi-java packages fix CVE-2013-5679
Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...