314 matches found

CVE
added 2024/09/07 4:11 p.m., 83 views

CVE-2024-40714

CVE-2024-40714 is an improper TLS certificate validation vulnerability in Veeam Backup & Replication 12.x (affected versions before 12.2.0.334). An attacker on the same network could intercept credentials during restore operations. Remediation per Veeam KB4649: upgrade to 12.2.0.334 (or later). C...

CVSS 8.3, AI score 6.7, EPSS 0.00354
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2024/08/08 3:30 a.m., 10 views

Data Interception And Manipulation

Gorush is vulnerable to Data Interception and Manipulation. The vulnerability is due to the use of a deprecated TLS version in the RunHTTPServer function within servernormal.go, which allows an attacker to intercept and manipulate data...

CVSS 9.1, AI score 6.6, EPSS 0.00114
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2024/08/06 9:30 p.m., 13 views

Gorush uses deprecated TLS versions

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

CVSS 9.1, AI score 6.8, EPSS 0.00114
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/08/06 9:30 p.m., 11 views

GHSA-P3PF-MFF8-3H47 Gorush uses deprecated TLS versions

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

CVSS 6.9, AI score 9.2, EPSS 0.00114
Exploits: 0, References: 5

NVD
added 2024/08/06 9:16 p.m., 30 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

CVSS 9.1, EPSS 0.00114
Exploits: 0, References: 1

OSV
added 2024/08/06 9:16 p.m., 9 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

CVSS 9.1, AI score 9.1
Exploits: 0, References: 1

CNNVD
added 2024/08/06 12:0 a.m., 1 views

Gorush Security Vulnerability

Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...

CVSS 9.1, AI score 6.5, EPSS 0.00114
Exploits: 0, References: 2

Vulnrichment
added 2024/08/06 12:0 a.m., 12 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

AI score 6.9, EPSS 0.00114
Exploits: 0, References: 1

CVE
added 2024/08/06 12:0 a.m., 41 views

CVE-2024-41270

CVE-2024-41270 affects Gorush (RunHTTPServer) in v1.18.4. The issue arises from using a deprecated TLS version, enabling an attacker to intercept and manipulate data. The connected sources (Red Hat, OSV, GHSA, Veracode, NVD, and related catalogs) consistently describe the same root cause and impa...

CVSS 9.1, AI score 6.9, EPSS 0.00114
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/08/06 12:0 a.m., 11 views

CVE-2024-41270

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...

EPSS 0.00114
Exploits: 0, References: 1

ICS
added 2024/07/09 12:0 a.m., 14 views

Siemens SIPROTEC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 8.2, AI score 5.8, EPSS 0.00105
Exploits: 0, References: 10

OpenVAS
added 2024/07/03 12:0 a.m., 23 views

LibreOffice Improper Certificate Validation Vulnerability (Jul 2024) - Windows

LibreOffice is prone to an improper certificate validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 10, AI score 5.5, EPSS 0.00532
Exploits: 0, References: 2

OSV
added 2024/06/27 7:15 p.m., 1 views

CVE-2024-5820

An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...

CVSS 8.8, AI score 7.2, EPSS 0.00104
Exploits: 1, References: 1

NVD
added 2024/06/14 10:15 p.m., 16 views

CVE-2024-30119

HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...

CVSS 3.7, EPSS 0.00035
Exploits: 0, References: 1

CVE
added 2024/06/14 9:34 p.m., 39 views

CVE-2024-30119

CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. Underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...

CVSS 3.7, AI score 4.1, EPSS 0.00035
Exploits: 0, References: 1

CNNVD
added 2024/06/14 12:0 a.m., 0 views

HCL Technologies DRYiCE Optibot Reset Station Security Vulnerability

HCL Technologies DRYiCE Optibot Reset Station is an application from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE Optibot Reset Station that stems from the lack of a Strict Transport Security header. An attacker exploiting this vulnerability could intercept or...

CVSS 3.7, AI score 6.7, EPSS 0.00035
Exploits: 0, References: 2

Vulnrichment
added 2024/06/11 12:48 p.m., 7 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

CVSS 6.8, AI score 6.9, EPSS 0.00137
Exploits: 0, References: 1

ICS
added 2024/06/11 12:30 p.m., 2 views

Hitachi Energy UNEM/ECST

SUMMARY Hitachi Energy is aware of a vulnerability that affects the UNEM/ECST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about the...

CVSS 6.8, AI score 7.1, EPSS 0.00137
Exploits: 0, References: 9

CNNVD
added 2024/06/11 12:0 a.m., 2 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi FOXMAN-UN that allows an attacker to intercept or forge data exchanges between a client and a server...

CVSS 6.8, AI score 6.8, EPSS 0.00137
Exploits: 0, References: 3

NVD
added 2024/05/14 10:43 a.m., 13 views

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...

CVSS 8.8, AI score 6.6, EPSS 0.00046
Exploits: 0, References: 4