CVE-2026-6066

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center...

Unspecified Vulnerability in NetIQ Advanced Authentication (CNVD-2024-38198)

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1 that stems from an insufficien...

PYSEC-2023-243

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

Information Exposure

Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure due to allowing remote attackers to read communications between Logstash Forwarder agent and Logstash server. Remediation Upgrade logstash-core to version...

HCL Technologies VersionVault Express Information Disclosure Vulnerability

HCL Technologies VersionVault Express is an intuitive side-by-side comparison viewer from HCL Technologies India.A security vulnerability exists in HCL Technologies VersionVault Express, which stems from the application exposing sensitive information about server communications. An attacker could...

HCL Technologies VersionVault Express 安全漏洞

HCL Technologies VersionVault Express is an intuitive side-by-side comparison viewer from HCL Technologies India.A security vulnerability exists in HCL Technologies VersionVault Express, which stems from the application exposing sensitive information about server communications. An attacker could...

CVE-2022-24319

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo...

suricata-rules

This repository contains Suricata IDS Intrusion Detection System rules for detecting various types of malicious activity, including CobaltStrike, crypto miners, and other threats. The rules are designed to identify specific patterns and behaviors associated with these threats. The rules are...

Qualcomm Data Modem Input Validation Error Vulnerability

Qualcomm Data Modem is a data modem from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Data Modem that stems from a failure to check input validation of certain parameters received from the ePDG server, which could result in a buffer overflow...

[SECURITY] Fedora 31 Update: freetds-1.1.20-1.fc31

FreeTDS is a project to document and implement the TDS Tabular DataStream protocol. TDS is used by SybaseTM and MicrosoftTM for client to database server communications. FreeTDS includes call level interfaces for DB-Lib, CT-Lib, and ODBC...

CVE-2017-0129

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."...