263 matches found
Unbound Configuration Injection Vulnerability
Unbound is a DNS resolver that supports validation, recursion, and caching features. A configuration injection vulnerability exists in createunboundadservers.sh in versions of Unbound prior to 1.9.5. A man-in-the-middle attacker can exploit this vulnerability to inject configuration via a plainte...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
UBUNTU-CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
Synology DiskStation Manager Sensitive Information Plaintext Transfer Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A sensitive information clear text transfer vulnerability exists in synorelay...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
Session fixation
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
Design/Logic Flaw
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
Design/Logic Flaw
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26565
Synology DiskStation Manager (DSM) prior to version 6.2.3-25426-3 contains a cleartext transmission vulnerability in synorelayd that can allow MITM attackers to obtain sensitive information via HTTP sessions. The issue affects DSM running on Synology NAS devices and is documented in multiple sour...
CVE-2021-26565
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-26564
CVE-2021-26564 is a vulnerability in Synology DiskStation Manager (DSM) due to cleartext transmission in the synorelayd component prior to version 6.2.3-25426-3. The flaw allows man-in-the-middle attackers to spoof servers via an HTTP session, exposing sensitive information. Connected sources ali...
CVE-2021-26560
CVE-2021-26560 affects Synology DiskStation Manager (DSM) prior to 6.2.3-25426-3 via the synoagentregisterd service. The issue involves cleartext HTTP transmission during server discovery (the /finder/server response and subsequent domain parsing), enabling MITM disclosure and server spoofing. TA...
CVE-2021-26560
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...