314 matches found

OSV
added 2022/09/06 6:15 p.m. · 2 views

CVE-2022-23678

A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows...

CVSS 5.9 · AI score 5.6
Exploits 0 · References 1

BDU FSTEC
added 2022/08/24 12:0 a.m. · 1 views

The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process, which allows attackers to infiltrate, replicate, modify, and/or intercept confidential data.

The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to remotely infiltrate, replicate, modify, and/or intercept sensitive data...

CVSS 9.1 · EPSS 0.00194
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/06/24 3:15 p.m. · 1 views

CVE-2022-1521

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...

CVSS 9.1 · AI score 5.8 · EPSS 0.00194
Exploits 0 · References 1

Positive Technologies
added 2022/06/24 12:0 a.m. · 3 views

PT-2022-4353 · Illumina · Illumina Local Run Manager

Name of the Vulnerable Software and Affected Versions: Illumina Local Run Manager, affected versions not specified.
Description: The issue is related to the lack of authentication or authorization procedures in the software. This allows a malicious actor to inject, replay, modify, and/or intercept...

CVSS 9.1 · AI score 9 · EPSS 0.00194
Exploits 0 · References 4

BDU FSTEC
added 2022/06/01 12:0 a.m. · 2 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices, which stems from the transmission of data in an open manner via the HTTP protocol, allows attackers to intercept traffic and disrupt the operation of the devices.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the transmission of data in an open manner via the HTTP protocol. Exploiting this vulnerability can allow a remote attacker to intercept traffic and disrupt the operation of the device...

CVSS 10 · EPSS 0.00334
Exploits 0 · References 5 · Affected Software 2

OSV
added 2022/05/12 10:15 p.m. · 2 views

CVE-2021-27768

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode...

CVSS 5.9 · AI score 6.2 · EPSS 0.00094
Exploits 0 · References 1

OSV
added 2022/03/31 6:51 p.m. · 0 views

USN-5360-1 tomcat9 vulnerabilities

It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640) It was discovered that Tomcat did not properly deserialize untrusted data. An...

CVSS 7.5 · AI score 7 · EPSS 0.93464
Exploits 16 · References 10

Positive Technologies
added 2022/03/18 12:0 a.m. · 3 views

PT-2022-8710 · Ge · Ge Reason Rt430 +2

Name of the Vulnerable Software and Affected Versions: GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06.
Description: The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could...

CVSS 5.3 · AI score 5.2 · EPSS 0.0017
Exploits 0 · References 4

NVD
added 2021/12/01 4:15 p.m. · 13 views

CVE-2020-10627

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...

CVSS 8.1 · EPSS 0.00085
Exploits 0 · References 2

Prion
added 2021/12/01 4:15 p.m. · 14 views

Authentication flaw

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...

CVSS 4.8 · AI score 8 · EPSS 0.00085
Exploits 0 · References 2

Cvelist
added 2021/12/01 3:38 p.m. · 10 views

CVE-2020-10627

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An...

CVSS 7.3 · AI score 8.1 · EPSS 0.00085
Exploits 0 · References 2

CNNVD
added 2021/11/07 12:0 a.m. · 3 views

IBM QRadar Network Security security vulnerability

IBM QRadar Network Security is a network security manager from IBM USA, Inc. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A security...

CVSS 6.8 · AI score 5.7 · EPSS 0.00095
Exploits 0 · References 5

Ivan 'd0znpp' Novikov
added 2021/08/27 1:34 p.m. · 31 views

What is Eavesdropping Attack❓ Definition, Types and Prevention

Eavesdropping can be defined as the demonstration of quietly catching a discussion among arbitrary outsiders; albeit discourteous, what mischief might it actually do? All things considered, very little in case somebody is simply honestly paying attention to a discussion that intrigues them...

Exploits 0

CNNVD
added 2021/07/06 12:0 a.m. · 4 views

Philips Vue PACS security vulnerability

Philips Vue PACS is an image management solution from Philips Europe. Philips Vue PACS suffers from a security vulnerability that arises from the software transmitting sensitive or security-critical data in clear text, a communication channel that can be sniffed by unauthorized actors...

CVSS 7.5 · AI score 7.7 · EPSS 0.00108
Exploits 0 · References 4

ThreatPost
added 2021/05/18 6:36 p.m. · 27 views

Stalkerware Apps Riddled with Security Bugs

Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even danger. Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on...

AI score 8.4
Exploits 0 · References 6

VulnCheck KEV
added 2021/04/02 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2019-5591

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...

CVSS 6.5 · AI score 7.1 · EPSS 0.50553
Exploits 1 · References 1

CVE
added 2021/01/26 12:46 p.m. · 66 views

CVE-2020-25169

The CVE-2020-25169 issue affects Reolink P2P cameras, where data transferred between the local device and Reolink servers may be exposed due to cleartext transmission of sensitive information. The advisory notes a high risk with CVSS v3 base score up to 9.1 (ATT&CK context not explicitly listed i...

CVSS 7.5 · AI score 7.4 · EPSS 0.00114
Exploits 0 · References 1 · Affected Software 1

CVE
added 2020/12/24 7:49 p.m. · 222 views

CVE-2020-28912

CVE-2020-28912 concerns MariaDB running on Windows where local clients connecting via named pipes can be intercepted by an unprivileged user who can then act as a man‑in‑the‑middle. The root cause is an incorrect security descriptor. Affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 1...

CVSS 7 · AI score 7.1 · EPSS 0.00114
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2020/12/24 7:49 p.m. · 50 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

CVSS 7 · AI score 8.2 · EPSS 0.00114
Exploits 0

BDU FSTEC
added 2020/12/24 12:0 a.m. · 1 views

The vulnerability of the CmtViewer application for controlling programmable panels stems from the use of a less secure encryption algorithm, allowing an attacker to gain full access to the device.

The vulnerability of the CmtViewer application for controlling programmable panels is related to the use of a less secure encryption algorithm. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the data transmitted over the network, decrypt it, and gain full...

CVSS 10 · AI score 5.5
Exploits 0