314 matches found

CNNVD
added 2024/02/13 12:0 a.m., 5 views

SAP Cloud Connector Trust Management Issue Vulnerability

SAP Cloud Connector is a tool from SAP Germany for establishing a secure connection between local systems and SAP Cloud Platform. A trust management issue vulnerability exists in SAP Cloud Connector version 2.0, which stems from incorrect certificate validation, and can be exploited by an attacke...

CVSS 7.4, AI score 6.6, EPSS 0.00364
Exploits: 1, References: 6

CNVD
added 2023/12/13 12:0 a.m., 22 views

Siemens SINEC INS Improper Certificate Validation Vulnerability

SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from an improper certificate validation...

CVSS 9.8, AI score 6.9, EPSS 0.00078
Exploits: 0, References: 1

CNNVD
added 2023/11/14 12:0 a.m., 2 views

ELECOM WRC-X3000GS2-W Security Vulnerability

The ELECOM WRC-X3000GS2-W is a wireless router from ELECOM. A security vulnerability exists in the ELECOM WRC-X3000GS2-W that originates from the possibility that an attacker may be able to guess the encryption key used for wireless LAN communication and intercept the communication...

CVSS 6.5, AI score 6.8, EPSS 0.00044
Exploits: 0, References: 6

RedHat Linux
added 2023/11/07 8:17 a.m., 2 views

http-tiny: perl: insecure TLS cert default

A vulnerability was found in HTTP::Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

CVSS 8.1, AI score 6.9, EPSS 0.00767
Exploits: 0, References: 4

NVD
added 2023/09/27 3:19 p.m., 23 views

CVE-2023-44122

The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

CVSS 7.8, AI score 6.6, EPSS 0.00019
Exploits: 0, References: 1

Vulnrichment
added 2023/09/27 1:42 p.m., 9 views

CVE-2023-44122 LockScreenSettings - Theft of arbitrary files with system privilege

The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

CVSS 6.1, AI score 7, EPSS 0.00019
Exploits: 0, References: 1

The Hacker News
added 2023/07/24 7:24 a.m., 48 views

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say are the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching...

AI score 6.7
Exploits: 0

CNVD
added 2023/06/30 12:0 a.m., 8 views

Dell VxRail Trust Management Issues Vulnerabilities

Dell VxRail is Dell's single HCI platform for every VMware workload and use case, including VDI, compute-intensive applications, and for hosting legacy and modern applications on a true hybrid cloud infrastructure. A trust management issue vulnerability exists in Dell VxRail 7.0.450 and prior...

CVSS 3.3, AI score 6.6, EPSS 0.00095
Exploits: 0, References: 1

NVD
added 2023/06/23 8:15 a.m., 8 views

CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view o...

CVSS 3.3, AI score 3.6, EPSS 0.00095
Exploits: 0, References: 1

OSV
added 2023/06/23 8:15 a.m., 0 views

CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view o...

CVSS 3.3, AI score 5.8
Exploits: 0, References: 1

ATTACKERKB
added 2023/06/19 3:15 p.m., 4 views

CVE-2023-31410

A remote unprivileged attacker can intercept the communication, e.g. via Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...

CVSS 9.8, AI score 7.2, EPSS 0.00088
Exploits: 0, References: 4

Vulnrichment
added 2023/04/11 9:3 a.m., 6 views

CVE-2023-29054

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

CVSS 6.7, AI score 6.8, EPSS 0.00155
Exploits: 0, References: 1

Cvelist
added 2023/03/17 5:7 a.m., 12 views

CVE-2021-21548

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerabilit...

CVSS 7.4, AI score 7.5, EPSS 0.0005
Exploits: 0, References: 1

Prion
added 2023/02/27 8:15 p.m., 15 views

Design/Logic Flaw

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

CVSS 2.1, AI score 4.9, EPSS 0.00152
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2023/02/17 7:29 a.m., 20 views

Improper Certificate Validation

pyloadng is vulnerable to Improper Certificate Validation. The vulnerability exists in httprequest.py due to improper SSL certificate validation which allows an attacker to intercept data over HTTPS connections...

CVSS 7.4, AI score 7, EPSS 0.00143
Exploits: 1, References: 5, Affected Software: 1

Veracode
added 2023/02/14 5:48 a.m., 17 views

Privilege Escalation

cockpit-hq is vulnerable to Privilege Escalation. The vulnerability exists in the save function of Users.php, allowing an attacker to escalate a user role by intercepting the request and modifying the POST data...

CVSS 8.8, AI score 8.3, EPSS 0.0013
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2023/02/01 12:0 a.m., 2 views

PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App

Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1. Description: The issue concerns Insecure App Transport Security (ATS) Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...

CVSS 7.5, AI score 7.2, EPSS 0.00265
Exploits: 0, References: 4

CNNVD
added 2022/12/09 12:0 a.m., 3 views

Bluetooth Core Specification Security Vulnerability

The Bluetooth Core Specification is a specification that defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. It is overseen by the Bluetooth Special Interest Group (SIG) and regularly updated and enhanced by the...

CVSS 7.5, AI score 7.2, EPSS 0.00247
Exploits: 0, References: 3

Cvelist
added 2022/12/02 12:0 a.m., 15 views

CVE-2022-45480

PC Keyboard WiFi & Bluetooth allows an attacker in a man-in-the-middle position between the server and a connected device to see all data including keypresses in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N...

AI score 5.8, EPSS 0.00156
Exploits: 0, References: 1

Vulnrichment
added 2022/11/23 4:48 p.m., 6 views

CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...

CVSS 5.3, AI score 5.3, EPSS 0.01097
Exploits: 0, References: 3