10 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack...
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates.
...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from the Swedish company Axis. A security vulnerability exists in AXIS OS versions 5.51 through 11.9, which stems from an O3C feature that could expose sensitive traffic between the client and the server...
CVE-2023-2443
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...
Siemens Industrial Edge Management Trust Management Issue Vulnerability
Siemens Industrial Edge Management, a platform from Siemens Germany, is used to host applications from different vendors on a computing platform close to the shop floor. The platform has a trust management issue vulnerability, which stems from the fact that when initiating a TLS connection, the affected software does not properly...
FAST or Burp or both?
By @aLLy, Wallarm Research. Hello guys, time to talk details about Wallarm FAST Framework for Application Security Testing. It’s a new automatic web vulnerability scanning and fuzzing detection tool by Wallarm Inc. It is well suited for security researchers in enterprise Red Teams as well as for...
Information disclosure
Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by...
CVE-2013-5492
Cisco SocialMiner’s administration.jsp contains an information-disclosure vulnerability (Bug CSCuh76780) that could allow an unauthenticated, remote attacker to obtain sensitive user information by sniffing HTTP traffic between a SocialMiner client and server. The issue stems from insecure HTTP h...