Lucene search
K

159 matches found

Prion
Prion
added 2022/06/24 3:15 p.m.17 views

Command injection

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials...

4.3CVSS6.7AI score0.0029EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/24 3:0 p.m.59 views

CVE-2022-1524

CVE-2022-1524 affects Illumina Local Run Manager (LRM) versions 2.4 and lower, where lack of TLS encryption enables potential MITM disclosure of in-transit data, including credentials. Connected advisories specify LC/LRM exposure and a patch release to mitigate the issue, with remediation guidanc...

7.4CVSS6.1AI score0.0029EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/24 3:0 p.m.9 views

CVE-2022-1524 3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials...

7.4CVSS7.5AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/24 3:0 p.m.25 views

CVE-2022-1524 3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319

LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials...

7.4CVSS7.6AI score0.0029EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2022/06/15 3:25 p.m.16 views

Record breaking HTTPS DDoS attack

Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second rps. The previous record for a HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/15 6:16 a.m.21 views

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second RPS distributed denial-of-service DDoS attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/06 11:58 a.m.40 views

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Food and Drug Administration FDA have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing NGS software. Three of the flaws are rated 10 out of 10 for severity on the Common...

4.2AI score0.01633EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/16 4:3 p.m.25 views

Security Bulletin: Avoiding Weak SSL/TLS Encryption in IBM System x and Flex Systems (CVE-2013-4030)

Summary Encryption with symmetric keys shorter than 128 bits is considered more vulnerable to attack than encryption with keys 128 bits or longer. Several SSL/TLS cipher suites include encryption with keys shorter than 128 bits. Vulnerability Details Abstract Encryption with symmetric keys shorte...

4.3CVSS0.00947EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.26 views

Slackware: Security Advisory (SSA:2013-322-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4CVSS8.8AI score0.09017EPSS
Exploits0References2
CVE
CVE
added 2022/03/08 11:31 a.m.93 views

CVE-2021-42017

CVE-2021-42017 affects Siemens RUGGEDCOM ROS and associated RuggedCom devices (e.g., i800/i801/.../RSG2100, RS900 family, RMC8388, etc.), where third-party components expose a vulnerability from CBC-mode TLS implementations in TLS 1.0–1.2. The issue enables a man-in-the-middle to eavesdrop on enc...

5.9CVSS5.5AI score0.00454EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2021/12/08 7:28 p.m.24 views

Not with a Bang but a Whisper: The Shift to Stealthy C2

As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat APT malware and the billion-dollar infosec...

7.2AI score
Exploits0References3
Prion
Prion
added 2021/11/22 4:15 p.m.25 views

Sql injection

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...

5.1CVSS7.9AI score0.00961EPSS
Exploits0References4Affected Software4
Amazon
Amazon
added 2021/11/15 12:0 a.m.54 views

Medium: curl

Issue Overview: A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could...

7.5CVSS6.6AI score0.04224EPSS
Exploits2
CNVD
CNVD
added 2021/11/11 12:0 a.m.17 views

Siemens Climatix POL909 (AWM) Information Disclosure Vulnerability

Siemens Climatix Pol909 is an intelligent network module from Siemens, Germany. security vulnerability exists in versions prior to Siemens Climatix POL909 AWM module V11.34, which stems from the fact that the web server of the affected device does not use TLS encryption when transmitting data. An...

7.4CVSS2.6AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2021/11/09 12:15 p.m.22 views

CVE-2021-40366

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...

7.4CVSS0.00408EPSS
Exploits0References1
CVE
CVE
added 2021/11/09 11:32 a.m.64 views

CVE-2021-40366

CVE-2021-40366 affects Siemens Climatix POL909 (AWB module) and POL909 (AWM module). The underlying issue is missing TLS encryption in the devices’ web server, enabling an unauthenticated remote attacker in a MITM position to read sensitive data (e.g., administrator credentials) or modify data in...

7.4CVSS7.2AI score0.00408EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/11/09 11:32 a.m.17 views

CVE-2021-40366

A vulnerability has been identified in Climatix POL909 AWB module All versions V11.42, Climatix POL909 AWM module All versions V11.34. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...

7.4AI score0.00408EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/09/15 6:52 a.m.64 views

CVE-2021-22946

A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could lead to curl clie...

7.5CVSS1.9AI score0.04224EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2021/08/30 11:54 a.m.23 views

How Does MTA-STS Improve Your Email Security?

Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now, and therefore security was not an...

Exploits0
RedhatCVE
RedhatCVE
added 2021/07/07 9:52 p.m.60 views

CVE-2021-32066

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4CVSS1.2AI score0.02909EPSS
Exploits1References4
Rows per page
Query Builder