41 matches found

BDU FSTEC
added 2023/05/22 12:0 a.m. | 3 views

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.

The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...

5.3 CVSS | 5.8 AI score | 0.00422 EPSS
Exploits 0 | References 7 | Affected Software 5
BDU FSTEC
added 2023/05/04 12:0 a.m. | 2 views

The vulnerability of microprogrammed medical devices’ Illumina Universal Copy Service, related to the reliance on open IP addresses, allows an intruder to intercept network traffic and remotely send arbitrary commands.

The vulnerability of microprogrammed medical devices with the Illumina Universal Copy Service is related to their reliance on open IP addresses. Exploiting this vulnerability allows a malicious actor to remotely intercept network traffic and also to send arbitrary commands remotely...

10 CVSS | 7.8 AI score | 0.00147 EPSS
Exploits 0 | References 5
BDU FSTEC
added 2023/03/06 12:0 a.m. | 2 views

The vulnerability of FortiWeb web applications’ network firewalls, related to the lack of session fixation mechanisms, allows attackers to intercept sessions of other users.

The vulnerability of FortiWeb web applications’ network firewalls is related to the lack of a session fixation mechanism. Exploiting this vulnerability allows a malicious actor to intercept sessions of other users remotely...

10 CVSS | 7.7 AI score | 0.01653 EPSS
Exploits 0 | References 3 | Affected Software 1
Redos
added 2022/05/24 12:0 a.m. | 3 views

ROS-20220524-21

The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...

7.5 CVSS | 7.1 AI score | 0.00469 EPSS
Exploits 5
BDU FSTEC
added 2022/05/23 12:0 a.m. | 2 views

The vulnerability in the reading mode of Firefox web browsers, Firefox ESR, and the Thunderbird email client allows a hacker to circumvent the established security restrictions.

The vulnerability in the reading mode of Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the reliance on cookie files without checking their validity and integrity when processing the SameSite attribute. Exploiting this vulnerability can allow an attacker to...

6.4 CVSS | 6.7 AI score | 0.0042 EPSS
Exploits 1 | References 15 | Affected Software 8
Prion
added 2022/03/25 7:15 p.m. | 16 views

Default credentials

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product...

5 CVSS | 7.7 AI score | 0.00135 EPSS
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2021/11/11 12:0 a.m. | 2 views

The vulnerability of the KrServerBDdemoRT.exe software module of the SCADA system “KRUG-2000” arises from the failure to encrypt critical information. This vulnerability allows attackers to intercept technological data.

The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” is related to the lack of measures taken to encrypt critical information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept technological data...

6.6 CVSS | 5.5 AI score
Exploits 0
BDU FSTEC
added 2021/07/29 12:0 a.m. | 2 views

The vulnerability of the microprogrammed Wi-Fi camera software of Rubetek RV-3406, RV-3409, and RV-3411 lies in the lack of protection for transmitted data, allowing intruders to intercept and modify video data from the cameras.

The vulnerability of the microprogrammed Wi-Fi cameras Rubetek RV-3406, RV-3409, and RV-3411 lies in the lack of protection for transmitted data. Exploiting this vulnerability could allow a remote attacker to intercept and modify video data from the cameras...

8.1 CVSS | 7.5 AI score | 0.00222 EPSS
Exploits 0 | References 5 | Affected Software 3
OSV
added 2021/06/24 5:15 p.m. | 1 views

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 1
OSV
added 2020/09/22 1:57 p.m. | 2 views

USN-4531-1 busybox vulnerability

It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications...

8.1 CVSS | 6.8 AI score | 0.00409 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2019/10/29 12:0 a.m. | 1 views

The vulnerability of the ZingBox Inspector, a network traffic handler, arises due to the failure to take measures to neutralize special elements. This vulnerability allows a violator to intercept and modify software update packets without authorization.

The vulnerability of the ZingBox Inspector network traffic handler exists because special elements are not properly neutralized. Exploiting this vulnerability allows a malicious actor to intercept and modify software update packets remotely and without authorization...

10 CVSS | 5.5 AI score | 0.01577 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2019/07/11 12:0 a.m. | 3 views

The vulnerability of the vCloud Director platform, related to improper session management, allows an attacker to intercept deleted sessions.

The vulnerability of the vCloud Director platform vCD is related to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept disconnected sessions remotely...

9.8 CVSS | 5.5 AI score | 0.02453 EPSS
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2019/06/14 12:0 a.m. | 1 views

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the use of insufficiently random values, allows an intruder to intercept TCP connections.

The vulnerability of the microprogrammed programmable logic controller Modicon is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to intercept TCP connections remotely...

7.5 CVSS | 5.4 AI score | 0.00196 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2019/04/26 7:29 p.m. | 10 views

CVE-2019-11220

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...

8.1 CVSS | 8.2 AI score | 0.00299 EPSS
Exploits 0 | References 1
Cvelist
added 2019/04/26 6:51 p.m. | 15 views

CVE-2019-11220

An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials...

8.2 AI score | 0.00299 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2018/12/20 12:0 a.m. | 2 views

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M221 programmable logic controller stems from errors in the implementation of the network module in the UMAS protocol. This vulnerability allows a hacker to intercept the network traffic of the controller.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M221 programmable logic controller is related to the incorrect implementation of the network module in the UMAS protocol. Exploiting this vulnerability allows a malicious actor to intercept the controller’s network...

8.5 CVSS | 7.5 AI score | 0.00157 EPSS
Exploits 0 | References 5
OSV
added 2018/07/26 6:29 p.m. | 2 views

ALPINE-CVE-2017-12150

It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...

7.4 CVSS | 6.6 AI score | 0.21657 EPSS
Exploits 0 | References 1
CNVD
added 2017/12/21 12:0 a.m. | 1 views

Multiple Huawei products CIDAM protocol information leakage vulnerability

Huawei DP300 etc. are products of Huawei, China. DP300 is a videoconferencing terminal. RP200 is an all-in-one videoconferencing device. CIDAM is one of the message transfer protocols. An information disclosure vulnerability exists in the CIDAM protocol in several Huawei products due to the...

4.9 CVSS | 6.3 AI score | 0.00094 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 2 views

A vulnerability in the Cisco IOS operating system allows a remote attacker to intercept network traffic.

The Cisco IOS operating system does not perform ARP packet authentication, which allows for intercepting traffic processed by devices running this operating system through ARP spoofing attacks...

10 CVSS | 5.4 AI score | 0.60554 EPSS
Exploits 1 | References 3 | Affected Software 1
Japan Vulnerability Notes
added 2012/04/26 5:21 a.m. | 2 views

sp mode mail issue in the verification of SSL certificates

Overview: sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA...

5.8 CVSS | 6.7 AI score | 0.00286 EPSS
Exploits 0 | References 5