CVE-2022-38955

An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the...

CVE-2022-38956

An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.11.1.9 and earlier...

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

Design/Logic Flaw

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

CVE-2022-38846

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel HTTP. An attacker may capture the cookie from the insecure channel using MITM attack...

CVE-2022-38846

CVE-2022-38846 affects EspoCRM 7.1.8 with a Missing Secure Flag in cookies, allowing cookies to be sent over HTTP and potentially captured via MITM. Vulnerable component is the cookie security flag handling; impact is exposure of cookies from an insecure channel. The available connected documents...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-8039)

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server and User Management Service new in BAW 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM...

Nextcloud: nextcloudcmd incorrectly trusts bad TLS certificates

Ref: https://github.com/nextcloud/desktop/issues/4927 Bug description I have a self hosted Nextcloud instance using my own private CA for TLS certs. When running nextcloudcmd without the --trust, it disregards the cert validation failure as "This is not an actual error" and proceeds with the sync...

Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - fix test-system components, enable 'daemon' and 'hardlinks' tests...

CLSA-2022-1662658118 Fix CVE(s): CVE-2022-29154

SECURITY UPDATE: arbitrary file write vulnerability via malicious rsync server MITM attack, refactoring - debian/patches/CVE-2022-29154-0.patch: prepare for CVE-2022-29154 patch - debian/patches/CVE-2022-29154-1.patch: add extra file-list safety checks - CVE-2022-29154...

SUSE SLED15 / SLES15 Security Update : gfbgraph (SUSE-SU-2022:2876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2876-1 advisory. - In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the...

CVE-2022-34624

CVE-2022-34624 affects Mealie 1.0.0beta3, where download tokens are not terminated after logout, enabling a man-in-the-middle via a crafted GET request. The NVD entry lists a CVSS 3.1 base score of 5.9 (MEDIUM) with NETWORK attack vector and HIGH confidentiality impact, and NO exploitation detail...

Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...

CLSA-2022-1660759162 Fixed CVE-2022-29154 in rsync

CVE-2022-29154: fix arbitrary file write vulnerability via malicious rysnc server MITM attack - Add '%check unset DISPLAY ' section but disable broken 'daemon' and 'hardlinks' tests...

Internet Bug Bounty: Pause-based desync in Apache HTTPD

Apache was vulnerable to a pause-based desync. This vulnerability is described in detail in my whitepaper here: https://portswigger.net/research/browser-powered-desync-attackspause Impact This enables server-side HTTP Request Smuggling when Apache is deployed as a back-end server, and it also...

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

Input validation

A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks...

CVE-2022-32210

Undici.ProxyAgent never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via...

CVE-2022-32208

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...

UBUNTU-CVE-2022-32208

When curl 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client...