
3289 matches found

OSV
added 2024/03/29 5:15 p.m. · 1 views

DEBIAN-CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

10 CVSS · 8.9 AI score · 0.85974 EPSS
Exploits 39 · References 1

OSV
added 2024/03/29 5:15 p.m. · 0 views

UBUNTU-CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

10 CVSS · 7.3 AI score · 0.85974 EPSS
Exploits 39 · References 4

Vulnrichment
added 2024/03/29 4:51 p.m. · 20 views

CVE-2024-3094 Xz: malicious code in distributed source

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

10 CVSS · 6.9 AI score · 0.85974 EPSS
Exploits 39 · References 4

AlpineLinux
added 2024/03/29 4:51 p.m. · 64 views

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

10 CVSS · 9.7 AI score · 0.85974 EPSS
Exploits 39

OSV
added 2024/03/28 5:53 p.m. · 20 views

GHSA-H6X7-R5RG-X5FW Serverpod client accepts any certificate

This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...

7.4 CVSS · 7.3 AI score · 0.00284 EPSS
Exploits 0 · References 4

Malwarebytes
added 2024/03/28 3:19 p.m. · 22 views

Facebook spied on Snapchat users to get analytics about the competition

Social media giant Facebook snooped on Snapchat users' network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That's according to a court document filed March 23, 2024. The document mentions Facebook’s so-called In-App Action Panel (IAAP) program,...

6.9 AI score
Exploits 0

wpexploit
added 2024/03/25 12:0 a.m. · 150 views

Responsive Tabs < 4.0.7 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 1. Go to "Tab Sets Add New" in W...

5.9 AI score · 0.00501 EPSS
Exploits 2 · References 1

Malwarebytes
added 2024/03/22 6:43 p.m. · 20 views

Canada revisits decision to ban Flipper Zero

In February 2024 the Canadian government announced plans to ban the sale of the Flipper Zero, mainly because of its reported use to steal cars. The Flipper Zero is a portable device that can be used in penetration testing with a focus on wireless devices and access control systems. If that doesn't...

7.2 AI score
Exploits 0

OSV
added 2024/03/22 2:15 p.m. · 1 views

CVE-2024-2728

Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol...

5.5 CVSS · 5.8 AI score · 0.00162 EPSS
Exploits 0 · References 1

Cvelist
added 2024/03/22 1:37 p.m. · 9 views

CVE-2024-2728 Information exposure vulnerability in the CIGESv2 system

Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol...

4.1 CVSS · 4.6 AI score · 0.00162 EPSS
Exploits 0 · References 1

CNNVD
added 2024/03/22 12:0 a.m. · 2 views

CIGESv2 Information Disclosure Vulnerability

CIGESv2 is a queue and reservation management system from CIGESv2. CIGESv2 suffers from an information disclosure vulnerability that stems from the lack of a proper implementation of the TLS protocol, allowing a local attacker to intercept traffic...

5.5 CVSS · 5.9 AI score · 0.00162 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/03/22 12:0 a.m. · 2 views

PT-2024-21790 · Cigesv2 · Cigesv2

Name of the Vulnerable Software and Affected Versions: CIGESv2 system (affected versions not specified). Description: The issue is related to an information exposure vulnerability in the CIGESv2 system. This could allow a local attacker to intercept traffic due to the lack of proper implementation o...

4.1 CVSS · 6.6 AI score · 0.00162 EPSS
Exploits 0 · References 4

OSV
added 2024/03/21 9:15 p.m. · 2 views

CVE-2024-28756

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-Middle (MitM) attacker to read and alter all network traffic between the application and the server...

5.9 CVSS · 5.8 AI score · 0.00211 EPSS
Exploits 1 · References 2

CNVD
added 2024/03/21 12:0 a.m. · 4 views

Unspecified Vulnerability in Selesta Visual Access Manager (CNVD-2025-22662)

Selesta Visual Access Manager is a visual access manager from Selesta. A security vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to modify and receive ID-related computer POST parameters via POST HTTP request interception...

6.5 CVSS · 6.9 AI score · 0.00453 EPSS
Exploits 0 · References 1

NVD
added 2024/03/19 10:15 p.m. · 19 views

CVE-2023-50811

An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access the application and take control of many...

6.5 CVSS · 6.6 AI score · 0.00453 EPSS
Exploits 0 · References 1

CVE
added 2024/03/19 12:0 a.m. · 54 views

CVE-2023-50811

SELESTA Visual Access Manager 4.38.6 is affected by CVE-2023-50811. The vulnerability allows an attacker to modify the POST parameter named “computer” that encodes the ID of a specific reception via HTTP POST interception. By iterating this parameter, an attacker can gain access to the applicatio...

6.5 CVSS · 6.9 AI score · 0.00453 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/03/12 8:49 a.m. · 16 views

CVE-2024-2371 Information exposure vulnerability in Korenix JetI/O 6550

Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials...

6.2 CVSS · 6.5 AI score · 0.00183 EPSS
Exploits 0 · References 1

CVE
added 2024/03/12 8:49 a.m. · 71 views

CVE-2024-2371

CVE-2024-2371 affects Korenix JetI/O 6550 on firmware F208 Build:0817. The underlying issue is information exposure via the SNMP protocol, which transmits data in plaintext, allowing an attacker to intercept traffic and retrieve credentials (confidentiality impact reported as HIGH in CVSS). Docum...

6.2 CVSS · 6.2 AI score · 0.00183 EPSS
Exploits 0 · References 1

Github Security Blog
added 2024/03/06 3:29 p.m. · 25 views

1Panel open source panel project has an unauthorized vulnerability.

Impact: The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL allowing the first intercepted packet through Burp, the following is displayed: It is fou...

6.3 CVSS · 5 AI score · 0.00471 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2024/03/06 11:9 a.m. · 12 views

BIT-VAULT-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

2.5 CVSS · 3.2 AI score · 0.00086 EPSS
Exploits 0 · References 3