1344 matches found
minio -- MITM attack
minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...
Low: Red Hat Security Advisory: Red Hat Integration Tech-Preview 3 Camel K security update
An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Low. A Common...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-26564
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session...
CVE-2021-20327
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
Design/Logic Flaw
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
UBUNTU-CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-20328 MongoDB Java driver client-side field level encryption not verifying KMS host name
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-20328
CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...
CVE-2021-20327
CVE-2021-20327 affects the Node.js mongodb-client-encryption library, specifically version 1.2.0, which does not perform proper validation of the KMS server certificate. This can enable an attacker with privileged network access to perform a MITM and intercept traffic between the Node.js driver a...
CVE-2021-20327 MongoDB Node.js client side field level encryption library may not be validating KMS certificate
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
MongoDB Node.js client side field level encryption library may not be validating KMS certificate
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
Code injection
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle MITM attack...
CentOS 8 : container-tools:rhel8 (CESA-2020:4694)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4694 advisory. - containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters CVE-2020-10749 - QEMU: slirp: networking out-of-bound...
PT-2021-2204 · Siemens · C-Plug +2
Name of the Vulnerable Software and Affected Versions: SCALANCE X-200 switch family incl. SIPLUS NET variants versions prior to V5.2.5 SCALANCE X-200IRT switch family incl. SIPLUS NET variants versions prior to V5.5.0 SCALANCE X-200RNA switch family versions prior to V3.2.7 Description: A...
nexus2-oss -- Apache ActiveMQ JMX vulnerability
Sonatype reports: CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack...
CVE-2020-4841
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID:...