
3289 matches found

Prion
added 2022/06/06 6:15 p.m. | 16 views

Input validation

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00549
Exploits: 0 | References: 1 | Affected Software: 2
Prion
added 2022/06/02 11:15 p.m. | 8 views

Input validation

A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.01116
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2022/06/02 2:15 p.m. | 13 views

CVE-2022-29733

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...

CVSS: 5.9 | EPSS: 0.00664
Exploits: 2 | References: 2
Prion
added 2022/06/02 2:15 p.m. | 20 views

Information disclosure

Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00664
Exploits: 2 | References: 2 | Affected Software: 1
Kitploit
added 2022/06/02 12:30 p.m. | 18 views

MITM_Intercept - A Little Bit Less Hackish Way To Intercept And Modify non-HTTP Protocols Through Burp And Others

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp and others with SSL and TLS interception support. This tool is for researchers and applicative penetration testers that perform thick clients security assessments. An improved version of the fantastic mitmrelay...

AI score: 7.1
Exploits: 0 | References: 7
BDU FSTEC
added 2022/06/01 12:0 a.m. | 3 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices, which stems from the transmission of data in an open manner via the HTTP protocol, allows attackers to intercept traffic and disrupt the operation of the devices.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the transmission of data in an open manner via the HTTP protocol. Exploiting this vulnerability can allow a remote attacker to intercept traffic and disrupt the operation of the device...

CVSS: 10 | AI score: 7.4 | EPSS: 0.0067
Exploits: 0 | References: 5 | Affected Software: 2
BDU FSTEC
added 2022/05/30 12:0 a.m. | 3 views

The vulnerability of the CURL command-line utility that implements the HSTS (HTTP Strict Transport Security) mechanism allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the HSTS (HTTP Strict Transport Security) mechanism implemented in the cURL command-line utility is related to errors in the use of host names. Exploiting this vulnerability can allow an attacker to intercept traffic and gain unauthorized access to protected information...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.01118
Exploits: 1 | References: 12 | Affected Software: 4
OSV
added 2022/05/26 4:15 p.m. | 3 views

ALPINE-CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 7.1 | EPSS: 0.00417
Exploits: 0 | References: 1
ATTACKERKB
added 2022/05/26 4:15 p.m. | 1 views

CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 5.9 | EPSS: 0.00417
Exploits: 0 | References: 15
OSV
added 2022/05/26 4:15 p.m. | 80 views

CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 2.7
Exploits: 0 | References: 10
Prion
added 2022/05/26 4:15 p.m. | 24 views

Code injection

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 4.6 | AI score: 6.6 | EPSS: 0.00417
Exploits: 0 | References: 10 | Affected Software: 3
OSV
added 2022/05/26 4:15 p.m. | 2 views

UBUNTU-CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00417
Exploits: 0 | References: 7
Cvelist
added 2022/05/26 12:0 a.m. | 27 views

CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

AI score: 7 | EPSS: 0.00417
Exploits: 0 | References: 10
Debian CVE
added 2022/05/26 12:0 a.m. | 30 views

CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 6.9 | EPSS: 0.00417
Exploits: 0
AlpineLinux
added 2022/05/26 12:0 a.m. | 28 views

CVE-2022-30783

An invalid return code in fusekernmount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00417
Exploits: 0
OSV
added 2022/05/24 10:28 p.m. | 3 views

GHSA-RGHW-6PX2-FGWC Improper Certificate Validation in MongoDB

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability, in combination with a privileged network position (active MITM attack), could result in interception of traffi...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00432
Exploits: 0 | References: 2
Github Security Blog
added 2022/05/24 10:28 p.m. | 30 views

Improper Certificate Validation in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...

CVSS: 9.1 | AI score: 2.2 | EPSS: 0.02007
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/05/24 7:11 p.m. | 18 views

GHSA-HVM4-MC7M-22W4 OpenStack Neutron vulnerable to hardware address impersonation

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch c...

CVSS: 9.1 | AI score: 9 | EPSS: 0.0121
Exploits: 1 | References: 7
Github Security Blog
added 2022/05/24 7:11 p.m. | 31 views

OpenStack Neutron vulnerable to hardware address impersonation

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch c...

CVSS: 9.1 | AI score: 6.9 | EPSS: 0.0121
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2022/05/24 7:3 p.m. | 15 views

GHSA-W8HX-F868-PVCH Openstack Neutron has Insufficient Verification of IPv6 addresses

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.01015
Exploits: 0 | References: 5