446 matches found
PT-2021-13886 · Mongodb · Mongodb-Client-Encryption
Name of the Vulnerable Software and Affected Versions: mongodb-client-encryption module version 1.2.0 Description: The issue arises from the mongodb-client-encryption module's failure to correctly validate the KMS server's certificate. This could allow an attacker with a privileged network positi...
CVE-2021-22703
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...
CVE-2021-22702
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor...
Design/Logic Flaw
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...
AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Code injection
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
kubernetes: MITM using LoadBalancer or ExternalIPs
A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster...
CVE-2020-8577
SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session...
bettercap-proxy-modules
This is a collection of HTTP proxy modules for the BetterCap framework, a tool for performing network attacks and penetration testing. The modules are designed to be used with the BetterCap proxy server, which can be configured to intercept and modify HTTP traffic between a client and a server. T...
Speed 2 – The Poseidon Adventure – Part Two
This post is a companion to the DEF CON 28 video available here Part One is available here Issue 3: Time and Tide Wait for No VLAN As mentioned the cabin switch appeared to be the key to all our access requirements. From that we could get to the trunk network, and all those TV, VOIP, and Wi-Fi...
About the security content of iOS 12.2 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Information Disclosure
github.com/pritunl/pritunl-client-electron is vulnerable to information disclosure. The client does not verify signature using HMAC SHA-512, allowing a man-in-the-middle attacker to intercept amd modify all the traffic through an attacker's VPN to reveal the confidential information...
CVE-2020-15813
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...
Man-in-the-Middle (MitM)
dogtag-pki is vulnerable to man-in-the-middle attack. The certificate validation is disabled by default and is not configurable, allowing an attacker to perform a man-in-the-middle attack to intercept and modify network traffic...