Lucene search
K

92 matches found

RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.3 views

activemq: improper authentication allows MITM attack

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS7.3AI score0.04561EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/02/19 12:0 a.m.6 views

The vulnerability of the microprogrammed network router Advantech BB-ERT351, related to the default use of the HTTP protocol, allows a hacker to intercept administrator credentials and other confidential information.

The vulnerability of the microprogrammed network router Advantech BB-ERT351 is related to the default use of the HTTP protocol during the implementation of the “Basic HTTP Authentication” method. Exploiting this vulnerability allows a malicious actor to intercept administrator credentials and oth...

10CVSS7.2AI score0.00776EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/01/13 5:27 p.m.4 views

kubernetes: compromised node could escalate to cluster level privileges

A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...

6.8CVSS7.2AI score0.061EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2020/12/16 12:36 p.m.3 views

kubernetes: compromised node could escalate to cluster level privileges

A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...

6.8CVSS7.2AI score0.061EPSS
Exploits3References5
OSV
OSV
added 2020/09/10 7:15 p.m.2 views

DEBIAN-CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS6.8AI score0.04561EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/10 12:0 a.m.9 views

PT-2020-13781 · Apache +2 · Apache Activemq +2

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.12 Description: The issue allows an attacker to connect to the JMX RMI registry without authentication and rebind the jmxrmi entry. By creating a proxy server, an attacker can intercept user credentials...

10CVSS7.1AI score0.99654EPSS
Exploits33References64
Vulnrichment
Vulnrichment
added 2020/09/09 6:13 p.m.7 views

CVE-2020-15791

A vulnerability has been identified in SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 CPU family incl. SIPLUS variants All versions, SIMATIC WinAC RTX F 2010 All versions, SINUMERIK 840D sl All versions. The authentication protocol between a...

6.8AI score0.00712EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/05 9:17 p.m.3 views

containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launc...

6.4CVSS7.3AI score0.01604EPSS
Exploits0References4
OSV
OSV
added 2019/09/11 8:15 p.m.4 views

CVE-2019-11769

An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user...

7.8CVSS7.2AI score0.00439EPSS
Exploits0References2
CVE
CVE
added 2019/09/11 7:44 p.m.1057 views

CVE-2019-11769

CVE-2019-11769 affects TeamViewer 14.2.2558. The issue arises when updating as a non-administrative user, where GUI-entered administrative credentials are processed in Teamviewer.exe and can be intercepted in cleartext in the non-admin process memory. This enables a local attacker to obtain crede...

7.8CVSS7.6AI score0.00439EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2015/03/12 4:34 p.m.22 views

itBit Exchange: ITBit Vulnerable to SSLSTrip

www.itbit.com details: High Level, description It is possible for a malicious user to capture credential information of a www.itbit.com user with the use of SSLStrip. The scenario is that if a user is in a internet cafe and browses the internet while a malicious user intercepts his traffic, the w...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2013/05/01 12:0 a.m.17 views

Forticlient VPN Client Credential Interception

We found this one year ago. Although most versions have been patched we haven't seen any public info on this yet. FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY ============================================================ Description ----------- The Fortinet FortiClient VPN client o...

7.4AI score
Exploits0
Rows per page
Query Builder