Lucene search
K

119 matches found

OSV
OSV
added 2024/10/23 11:15 a.m.5 views

CVE-2023-50310

IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

7.5CVSS5.8AI score0.0039EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/18 12:0 a.m.3 views

Bitdefender Total Security 信任管理问题漏洞

Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...

8.6CVSS6.5AI score0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.6 views

N-able Ecosystem Agent 安全漏洞

N-able Ecosystem Agent is an agent system from N-able Canada. A security vulnerability exists in N-able Ecosystem Agent that stems from not properly validating SSL/TLS certificates, which could allow a malicious actor to perform man-in-the-middle operations and intercept traffic between the agent...

3.8CVSS6.6AI score0.00295EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.5 views

PT-2024-36335 · N Able · Ecosystem Agent

Name of the Vulnerable Software and Affected Versions: Ecosystem Agent versions 4.0 through 4.1.5.2597 Ecosystem Agent versions 5.0 through 5.1.4.2473 Description: The issue is related to the improper validation of SSL/TLS certificates. This could allow a malicious actor to perform a...

3.8CVSS7.1AI score0.00295EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/09 12:52 p.m.4 views

http-tiny: perl: insecure TLS cert default

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

8.1CVSS6.9AI score0.01742EPSS
Exploits0References4
OSV
OSV
added 2024/06/07 3:15 p.m.3 views

CVE-2024-36788

Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...

4.8CVSS5.8AI score0.00268EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.4 views

PT-2024-23560 · Unknown · Ros2 Iron Irwini

Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions 2 Description: An issue has been discovered where the system transmits messages in plaintext, exposing sensitive information and making it vulnerable to man-in-the-middle MitM attacks. This allows attackers to...

6.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.6 views

PT-2023-7965 · Unknown · Rtu500 Scripting Interface

Name of the Vulnerable Software and Affected Versions: RTU500 Scripting interface affected versions not specified Description: A vulnerability exists in the RTU500 Scripting interface component. When a client connects to a server using TLS, the server presents a certificate that links a public ke...

7.5CVSS7.1AI score0.00316EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2023/10/30 11:24 a.m.4 views

google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1CVSS5.9AI score0.01587EPSS
Exploits1References4
OSV
OSV
added 2023/07/20 3:15 p.m.0 views

DEBIAN-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.5AI score0.0039EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.4 views

PT-2023-23270 · Unknown · Piigab M-Bus

Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the transmission of credentials in plaintext format. This means that when credentials are sent over the network, they are not encrypted, potentially allowing...

7.5CVSS7.3AI score0.00571EPSS
Exploits0References3
OSV
OSV
added 2023/06/19 5:15 a.m.11 views

CVE-2023-27396

FINS Factory Interface Network Service is a message communication protocol, which is designed to be used in closed FA Factory Automation networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...

9.8CVSS5.9AI score0.01385EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.6 views

PT-2023-19291 · Unknown · Skybridge Mb-A200 +1

Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A200 versions 01.00.05 and earlier SkyBridge BASIC MB-A130 versions 1.4.1 and earlier Description: The issue is related to an improper following of a certificate's chain of trust, which may allow a remote unauthenticated attacker...

6.5CVSS7AI score0.00456EPSS
Exploits0References9
OSV
OSV
added 2023/02/27 8:15 p.m.4 views

CVE-2022-32906

This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

5.3CVSS5.8AI score0.00353EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.4 views

SUSE CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...

7.8CVSS7.4AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2023/02/01 10:15 p.m.5 views

CVE-2022-3913

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...

5.3CVSS5.8AI score0.00308EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.7 views

Rapid7 Nexpose 信任管理问题漏洞

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning of configuration environments for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...

5.3CVSS6.1AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/01 12:0 a.m.5 views

PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App

Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1 Description: The issue concerns Insecure App Transport Security ATS Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...

7.5CVSS7.2AI score0.00593EPSS
Exploits0References4
OSV
OSV
added 2023/01/18 7:15 p.m.4 views

CVE-2023-22863

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109...

5.9CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2022/09/21 4:15 p.m.3 views

CVE-2022-41243

Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...

8.1CVSS5.8AI score0.00539EPSS
Exploits0References1
Rows per page
Query Builder