Lucene search
+L

255 matches found

Vulnrichment
Vulnrichment
added 2024/05/24 4:25 p.m.13 views

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

6.6AI score0.00452EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/24 4:25 p.m.30 views

CVE-2024-36049

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personal...

6.2AI score0.00452EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.6 views

Aptos Wisal payroll 安全漏洞

Aptos Wisal payroll is an enterprise resource planning ERP solution from Aptos Luxembourg focused on the retail industry. A security vulnerability exists in Aptos Wisal payroll versions prior to 7.1.6 that stems from the use of hard-coded credentials. An attacker exploited the vulnerability to...

6.5CVSS6.7AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/04 4:18 p.m.15 views

CVE-2023-38688 twitch-tui's connection is not encrypted

twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including...

7.5CVSS7.5AI score0.00427EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 6:30 p.m.42 views

Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure

Jenkins Active Directory Plugin allows testing a new, unsaved configuration by performing a connection test the button labeled "Test Domain". Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory...

5.9CVSS6.6AI score0.00459EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/07/12 4:15 p.m.38 views

CVE-2023-37943

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...

5.9CVSS5.6AI score0.00459EPSS
Exploits0References2
Prion
Prion
added 2023/07/12 4:15 p.m.25 views

Directory traversal

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Activ...

2.6CVSS5.6AI score0.00459EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/13 10:15 a.m.4 views

CVE-2023-31195

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connection, t...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2023/05/28 12:0 a.m.158 views

CVE-2023-32762

Qt Network in Qt 5.15.14 and earlier, and in Qt 6.x before 6.2.9 (including 6.3.x–6.5.x before 6.5.1), incorrectly parses the Strict-Transport-Security header when its case does not exactly match. This can allow establishing unencrypted connections despite server requests to prohibit SSL/TLS down...

5.3CVSS5.9AI score0.00875EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/13 9:15 p.m.14 views

Design/Logic Flaw

Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...

5CVSS8AI score0.00571EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/13 8:28 p.m.24 views

CVE-2023-0346 CVE-2023-0346

Akuvox E11 cloud login is performed through an unencrypted HTTP connection. An attacker could gain access to the Akuvox cloud and device if the MAC address of a device if known...

7.5CVSS7.8AI score0.00571EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.48 views

K32121038: BIG-IP mcpd vulnerability CVE-2020-5876

Security Advisory Description A race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management...

8.1CVSS7.9AI score0.00571EPSS
Exploits0Affected Software11
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.4 views

SUSE CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

6.5CVSS7.3AI score0.02323EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2014-0417)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.01314EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.119 views

RHEL 8 : mutt (RHSA-2021:4181)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4181 advisory. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and...

6.5CVSS6.3AI score0.02796EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2021/10/14 12:0 a.m.3 views

PT-2021-4481 · Apache +3 · Apache +3

Name of the Vulnerable Software and Affected Versions: LedgerSMB version 1.8 Description: The issue is related to the absence of the 'Secure' attribute in session authorization cookies when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. This allows an attacker to obtain...

9.6CVSS7.1AI score0.03014EPSS
Exploits1References25
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.39 views

SUSE SLES11 Security Update : mutt (SUSE-SU-2020:14551-1)

The remote SUSE Linux SLES11 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2020:14551-1 advisory. - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/03/24 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2021-1690)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.02323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/01/20 12:0 a.m.24 views

EulerOS 2.0 SP3 : mutt (EulerOS-SA-2021-1098)

According to the version of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid...

5.3CVSS5.8AI score0.02323EPSS
Exploits0References2
Mageia
Mageia
added 2020/12/05 7:46 p.m.37 views

Updated mutt packages fix a security vulnerability

Mutt before 2.0.2 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted...

5.3CVSS2.7AI score0.02323EPSS
Exploits0References2
Rows per page
Query Builder