
1344 matches found

Positive Technologies
added 2020/09/16 12:0 a.m. · 2 views

PT-2020-15476 · Jenkins · Jenkins Mailer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mailer Plugin versions 1.32 and earlier. Description: The issue is related to the lack of hostname validation when connecting to the configured SMTP server. This could be exploited using a man-in-the-middle attack to intercept...

5.8 CVSS · 4.8 AI score · 0.00955 EPSS
Exploits: 0 · References: 7
OSV
added 2020/09/11 9:16 p.m. · 8 views

GHSA-WGW3-GF4P-62XC Command Injection in wizard-syncronizer

All versions of wizard-syncronizer are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates it to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack since the...

7.5 AI score
Exploits: 0 · References: 1
Github Security Blog
added 2020/09/11 9:16 p.m. · 18 views

Command Injection in wizard-syncronizer

All versions of wizard-syncronizer are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates it to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack since the...

3.6 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Veracode
added 2020/09/11 5:1 a.m. · 36 views

Man-in-the-Middle (MitM)

activemq-broker is vulnerable to a man-in-the-middle (MitM) attack. It binds the server to the jmxrmi entry after creating the JMX RMI registry using LocateRegistry.createRegistry, leading to the connection to the registry without authentication and allowing rebinding of jmxrmi to any other entity. Therefore,...

5.9 CVSS · 2.6 AI score · 0.04561 EPSS
Exploits: 0 · References: 9 · Affected Software: 2
HackRead
added 2020/09/10 5:41 p.m. · 19 views

BLURtooth vulnerability exposes devices to MITM attack

By Sudais Asif. The attacks carried out by exploiting the BLURtooth vulnerability are being referred to as the BLUR attacks.

2.9 AI score
Exploits: 0
Github Security Blog
added 2020/09/01 4:5 p.m. · 36 views

Downloads Resources over HTTP in apk-parser

apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...

8.1 CVSS · 4.6 AI score · 0.01114 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2020/09/01 2:9 a.m. · 31 views

Man-in-the-Middle (MitM)

ansible is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists as the dnf module does not perform validation of GPG signatures during the installation of packages...

7.1 CVSS · 2.9 AI score · 0.00233 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
ATTACKERKB
added 2020/07/29 12:0 a.m. · 33 views

CVE-2020-15588

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM...

9.8 CVSS · 3.2 AI score · 0.26765 EPSS
Exploits: 0 · References: 2
ThreatPost
added 2020/07/23 4:4 p.m. · 154 views

ASUS Home Router Bugs Open Consumers to Snooping Attacks

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices – and eavesdrop on all of the traffic and data that flows through them. The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality...

4.3 CVSS · 0.7 AI score · 0.26869 EPSS
Exploits: 1 · References: 5
Tenable Nessus
added 2020/07/17 12:0 a.m. · 20 views

Debian DLA-2281-1 : evolution-data-server security update

Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks. For Debian 9 stretch, this problem has been fixed in version 3.22.7-1+deb9u1. We recommend that you upgrade your evolution-data-server packages. For the...

5.9 CVSS · 6.7 AI score · 0.02607 EPSS
Exploits: 1 · References: 4
Prion
added 2020/07/09 6:15 p.m. · 18 views

Code injection

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack...

5.8 CVSS · 6.4 AI score · 0.00558 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Atlassian
added 2020/06/23 4:39 p.m. · 28 views

MITM in Repository Import - CVE-2020-14171

Affected versions of Atlassian Bitbucket Server allow remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. Affected versions: 4.9.0 <= version < 7.2.4. Fixed versions: 7.2.4, 7.3.0...

6.5 CVSS · 6.8 AI score · 0.00558 EPSS
Exploits: 0
OSV
added 2020/06/12 11:15 p.m. · 0 views

CVE-2019-16252

Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data...

5.9 CVSS · 6.2 AI score · 0.00477 EPSS
Exploits: 0 · References: 1
NVD
added 2020/06/12 9:15 a.m. · 17 views

CVE-2020-3929

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages...

5.9 CVSS · 0.00507 EPSS
Exploits: 0 · References: 1
Prion
added 2020/06/12 9:15 a.m. · 15 views

Information disclosure

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages...

4.3 CVSS · 5.9 AI score · 0.00507 EPSS
Exploits: 0 · References: 1 · Affected Software: 5
Cvelist
added 2020/06/12 8:25 a.m. · 20 views

CVE-2020-3929 GeoVision Door Access Control Device - Shared cryptographic keys

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages...

5.9 CVSS · 5.9 AI score · 0.00507 EPSS
Exploits: 0 · References: 1
OSV
added 2020/06/11 2:15 a.m. · 2 views

CVE-2020-12714

An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow...

5.9 CVSS · 5.8 AI score · 0.02626 EPSS
Exploits: 3 · References: 6
Hacker One
added 2020/06/09 10:45 p.m. · 12 views

Nintendo: [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks

Affected Systems - Platform: New Nintendo 3DS - Region: ALL - System version: = 11.13. Description: The SSL system module does not properly validate the x509 certificates when establishing an SSL/TLS connection. Actually, the SSL system module does not check the signatures when validating a...

1.7 AI score
Exploits: 0
NVD
added 2020/06/09 7:15 p.m. · 11 views

CVE-2020-11957

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with...

7.5 CVSS · 0.00394 EPSS
Exploits: 0 · References: 1
Prion
added 2020/06/09 7:15 p.m. · 8 views

Code injection

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with...

5.4 CVSS · 7.4 AI score · 0.00394 EPSS
Exploits: 0 · References: 1 · Affected Software: 1