Prion
added 2021/03/08 6:15 p.m.

Design/Logic Flaw

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...

CVSS 6.4 · AI score 6.2 · EPSS 0.00747
Exploits 0 · References 2 · Affected software 1
Cvelist
added 2021/03/08 6:00 p.m.

CVE-2020-4903

IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105...

CVSS 4.8 · AI score 6.3 · EPSS 0.00747
Exploits 0 · References 2
RedhatCVE
added 2021/03/05 1:44 a.m.

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

CVSS 7.1 · AI score 7.1 · EPSS 0.01015
Exploits 0 · References 3
OSV
added 2021/03/04 10:15 p.m.

CVE-2021-25347

Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed...

CVSS 5.3 · AI score 5.8 · EPSS 0.00114
Exploits 0 · References 2
CNNVD
added 2021/03/04 12:00 a.m.

Samsung Email application authorization issue vulnerability

Samsung Email application is a mobile phone application from Samsung (South Korea). It provides the function of sending and receiving e-mail. A security vulnerability exists in the Samsung Email application version, which can be exploited by an attacker to intercept the provider at the time of...

CVSS 5.3 · AI score 5.6 · EPSS 0.00114
Exploits 0 · References 3
Veracode
added 2021/02/26 7:00 a.m.

Man-in-the-Middle (MitM)

mongodb-client-encryption is vulnerable to man-in-the-middle attacks. The module does not perform correct validation of the KMS server's certificate and would potentially allow for man-in-the-middle attackers to intercept and modify network traffic...

CVSS 6.8 · AI score 6.4 · EPSS 0.00204
Exploits 0 · References 2 · Affected software 1
Prion
added 2021/02/25 5:15 p.m.

Design/Logic Flaw

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server's certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...

CVSS 4.3 · AI score 6.4 · EPSS 0.00204
Exploits 0 · References 1 · Affected software 1
Prion
added 2021/02/25 5:15 p.m.

Design/Logic Flaw

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server's certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 4.3 · AI score 6.5 · EPSS 0.00432
Exploits 0 · References 1 · Affected software 2
CVE
added 2021/02/25 4:30 p.m.

CVE-2021-20328

CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server's certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...

CVSS 6.8 · AI score 6.4 · EPSS 0.00432
Exploits 0 · References 1 · Affected software 1
Positive Technologies
added 2021/02/25 12:00 a.m.

PT-2021-13886 · Mongodb · Mongodb-Client-Encryption

Name of the vulnerable software and affected versions: mongodb-client-encryption module version 1.2.0. Description: The issue arises from the mongodb-client-encryption module's failure to correctly validate the KMS server's certificate. This could allow an attacker with a privileged network positi...

CVSS 6.8 · AI score 6.9 · EPSS 0.00204
Exploits 0 · References 10
MongoDB
added 2021/02/25 12:00 a.m.

MongoDB Java driver client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server's certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

CVSS 6.8 · AI score 6.3 · EPSS 0.00432
Exploits 0 · References 1 · Affected software 4
NVD
added 2021/02/19 4:15 p.m.

CVE-2021-22703

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTT...

CVSS 7.5 · EPSS 0.00573
Exploits 0 · References 1
NVD
added 2021/02/19 4:15 p.m.

CVE-2021-22702

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor...

CVSS 7.5 · EPSS 0.00566
Exploits 0 · References 1
Prion
added 2021/02/19 4:15 p.m.

Design/Logic Flaw

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTT...

CVSS 5 · AI score 7.3 · EPSS 0.00573
Exploits 0 · References 1 · Affected software 4
BDU FSTEC
added 2021/02/19 12:00 a.m.

A vulnerability in the firmware of the Advantech BB-ERT351 network router, related to the default use of the HTTP protocol, allows an attacker to intercept administrator credentials and other confidential information.

The vulnerability in the firmware of the Advantech BB-ERT351 network router is related to the default use of the HTTP protocol when the "Basic HTTP Authentication" method is used. Exploiting this vulnerability allows a malicious actor to intercept administrator credentials and oth...

CVSS 10 · AI score 7.2 · EPSS 0.00776
Exploits 0 · References 2 · Affected software 1
Tenable Nessus
added 2021/02/16 12:00 a.m.

openSUSE Security Update : MozillaFirefox (openSUSE-2021-222)

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc1181414). CVE-2021-23953: Fixed a cross-origin information leakage via redirected PDF requests. CVE-2021-23954: Fixed a type confusion when using logical assignment operator...

CVSS 8.8 · AI score 7.2 · EPSS 0.01569
Exploits 0 · References 6
Hacker One
added 2021/02/13 3:32 p.m.

Slack: Lack of URL normalization renders Blocked-Previews feature ineffectual

Slack has a feature known as Blocked Previews, which allows Workspace Owners and Admins to specify a list of URLs for which no link preview should occur. The point of this feature is to reduce clutter and prevent harmful content from getting embedded in the workspace. However, whe...

AI score 0.7
Exploits 0
OSV
added 2021/02/04 1:40 p.m.

MGASA-2021-0066 Updated thunderbird packages fix security vulnerabilities

Cross-origin information leakage via redirected PDF requests (CVE-2021-23953). Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954). IMAP Response Injection when using STARTTLS (CVE-2020-15685). HTTPS pages could have been intercepted by a registered...

CVSS 8.8 · AI score 7.4 · EPSS 0.01569
Exploits 1 · References 4
Mageia
added 2021/02/04 1:40 p.m.

Updated thunderbird packages fix security vulnerabilities

Cross-origin information leakage via redirected PDF requests (CVE-2021-23953). Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954). IMAP Response Injection when using STARTTLS (CVE-2020-15685). HTTPS pages could have been intercepted by a registered...

CVSS 8.8 · AI score 1.1 · EPSS 0.01569
Exploits 1 · References 3
Veracode
added 2021/02/04 7:28 a.m.

Man-in-the-Middle (MitM)

apache cassandra is vulnerable to Man-in-the-Middle (MitM). When using the 'dc' or 'rack' internode_encryption setting, both an encrypted and an unencrypted connection are allowed due to insecure configurations. A man-in-the-middle attacker is able to intercept and modify network traffic...

CVSS 7.5 · AI score 7.3 · EPSS 0.01931
Exploits 0 · References 11 · Affected software 1