956 matches found
CVE-2023-4801
The CVE-2023-4801 issue affects the MacOS Insider Threat Management (ITM) Agent. It is an improper certificate validation vulnerability that could allow an anonymous actor on an adjacent network to perform a man-in-the-middle attack between the ITM Agent and the ITM server after registration. All...
CVE-2023-4801 ITM MacOS Agent Improper Certificate Validation
An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...
Anaconda3 Trust Management Issue Vulnerability
Anaconda3 is a distribution of the Python and R programming languages for scientific computing, data science, machine learning applications, large-scale data processing, predictive analytics, etc. from the American company Anaconda. Dedicated to simplifying package management systems and deploymen...
A vulnerability in the firmware of Moxa’s TN-5900 series routers allows the execution of arbitrary code.
The vulnerability in the Moxa TN-5900 series router firmware is related to errors in processing input data during the certification creation process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
FAS - Logon error, one of the CAs is not trusted
FAS logon fails with an error "The username or password is incorrect". Events are logged on CA/FAS/VDA/Domain Controllers that one of the CAs is not trusted, usually after a CA Certificate is changed/renewed...
CVE-2023-34215
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote...
PT-2023-4605 · Unknown · Tn-5900 Series
Name of the Vulnerable Software and Affected Versions: TN-5900 Series firmware versions prior to v3.3. Description: The issue stems from insufficient input validation and improper authentication in the certification-generation function. This could potentially allow malicious users to execute remot...
townserv.de Cross Site Scripting vulnerability OBB-3584891
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Vulnerability disclosure in aviation
We joined Boeing and United Airlines on a panel recently at the RSA Conference to talk about vulnerability disclosure in the aviation world. The engagement we are now seeing between researchers and industry is a powerful force for positive change. Hopefully this will start to reduce the number of...
Hive Pro Achieves ISO/IEC 27001: 2022 Certification
Hive Pro has achieved ISO 27001: 2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
cadeiras.net Cross Site Scripting vulnerability OBB-3551211
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-25399]
Summary: Python module SciPy is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to...
A vulnerability in the CMPv2 protocol implementation in Juniper Networks’ Junos OS allows an attacker to trigger a service failure.
The vulnerability in the CMPv2 certificate management protocol implementation in Juniper Networks’ Junos OS lies in insufficient checks for exceptional states. Exploiting this vulnerability allows a malicious actor to trigger a service failure remotely...
FreeBSD : Python -- multiple vulnerabilities (d86becfe-05a4-11ee-9d4a-080027eda32c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d86becfe-05a4-11ee-9d4a-080027eda32c advisory. - The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's I...
CVE-2022-32730
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
CVE-2022-32704
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
CVE-2022-45457
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent Windows before build 29633, Acronis Cyber Protect 15 Windows before build 30984...
CVE-2022-45458
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent Windows, macOS, Linux before build 29633, Acronis Cyber Protect 15 Windows, macOS, Linux before build 30984...