255 matches found
CVE-2024-36049
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...
CVE-2024-36049
Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...
Aptos Wisal payroll 安全漏洞
Aptos Wisal payroll is an enterprise resource planning ERP solution from Aptos Luxembourg focused on the retail industry. A security vulnerability exists in Aptos Wisal payroll versions prior to 7.1.6 that stems from the use of hard-coded credentials. An attacker exploited the vulnerability to...
CVE-2023-38688 twitch-tui's connection is not encrypted
twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...
Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure
Jenkins Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test the button labeled "Test Domain". Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory...
CVE-2023-37943
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...
Directory traversal
Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...
CVE-2023-31195
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connection, t...
CVE-2023-32762
Qt Network in Qt 5.15.14 and earlier, and in Qt 6.x before 6.2.9 (including 6.3.x–6.5.x before 6.5.1), incorrectly parses the Strict-Transport-Security header when its case does not exactly match. This can allow establishing unencrypted connections despite server requests to prohibit SSL/TLS down...
Design/Logic Flaw
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...
CVE-2023-0346 CVE-2023-0346
Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...
K32121038: BIG-IP mcpd vulnerability CVE-2020-5876
Security Advisory Description A race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management...
SUSE CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
Mageia: Security Advisory (MGASA-2014-0417)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : mutt (RHSA-2021:4181)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4181 advisory. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and...
PT-2021-4481 · Apache +3 · Apache +3
Name of the Vulnerable Software and Affected Versions: LedgerSMB version 1.8 Description: The issue is related to the absence of the 'Secure' attribute in session authorization cookies when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. This allows an attacker to obtain...
SUSE SLES11 Security Update : mutt (SUSE-SU-2020:14551-1)
The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2020:14551-1 advisory. - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was...
Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2021-1690)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : mutt (EulerOS-SA-2021-1098)
According to the version of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid...
Updated mutt packages fix a security vulnerability
Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted...