GHSA-W8HX-F868-PVCH Openstack Neutron has Insufficient Verification of IPv6 addresses

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

ROS-20220524-21

The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...

The vulnerability in the reading mode of Firefox web browsers, Firefox ESR, and the Thunderbird email client allows a hacker to circumvent the established security restrictions.

The vulnerability in the reading mode of Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the reliance on cookie files without checking their validity and integrity when processing the SameSite attribute. Exploiting this vulnerability can allow an attacker to...

CVE-2022-29874

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device...

ROS-20220518-02

A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...

GHSA-9PP3-CVMQ-9P22 OpenStack Neutron Intended MAC-spoofing protection mechanism bypass

The IPTables firewall in OpenStack Neutron up to 7.0.4 and 8.x before 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via 1 a crafted DHCP discovery message or 2 crafted non-IP traffic...

GHSA-G7CF-WG27-QW87 Jenkins secure flag not set on session cookies

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session...

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message...

GHSA-QPWC-P365-PQRR OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message...

GHSA-3VJ4-CVJP-482H OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

OpenStack Neutron allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

Missing Encryption of Sensitive Data in Apache Guacamole

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...

CVE-2021-27768

Using the ability to perform a Man-in-the-Middle MITM attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode...

CVE-2021-27768 An SSL certificate host verification vulnerability affects HCL Verse for Android

Using the ability to perform a Man-in-the-Middle MITM attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode...

Ransom.Satana Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Satana Vulnerability: Code Execution Description: Satana searches for and loads a D...

Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...

Trojan-Ransom.LockerGoga Code Execution

Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.LockerGoga Vulnerability: Code Execution Description: LockerGoga looks f...

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could...

MTN Group: Information Disclosure Leads To User Data Leak

Information disclosure is when a web application fails to properly protect confidential information, which causes revealing sensitive information or data of the users or anything related to users to any third party. Summary: Am able to get any MTN users data such as FULL NAME, CUSTOMER TYPE AND...

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure

Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...