317 matches found
CVE-2024-44097
CVE-2024-44097 : Google Nest devices are affected by a TLS trust-management flaw where the application fails to properly validate the server certificate during TLS initialization, allowing a network attacker to intercept and read data and potentially forward or inject modified data to the real se...
Cisco Nexus Dashboard Security Vulnerability
Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from the Cisco NDO Verify Peer Certificates site management feature authenticating only when adding ...
Google Nest Security Vulnerability
Google Nest is a smart home product from the American company Google. Google Nest suffers from a trust management issue vulnerability that stems from the application failing to properly validate the server certificate when initializing a TLS connection, which can be exploited by a cyber...
CVE-2024-40714
CVE-2024-40714 is an improper TLS certificate validation vulnerability in Veeam Backup & Replication 12.x (affected versions before 12.2.0.334). An attacker on the same network could intercept credentials during restore operations. Remediation per Veeam KB4649: upgrade to 12.2.0.334 (or later). C...
Data Interception And Manipulation
Gorush is vulnerable to Data Interception and Manipulation. The vulnerability is due to the use of a deprecated TLS version in the RunHTTPServer function within servernormal.go, which allows an attacker to intercept and manipulate data...
GHSA-P3PF-MFF8-3H47 Gorush uses deprecated TLS versions
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...
Gorush uses deprecated TLS versions
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...
CVE-2024-41270
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version...
Gorush Security Vulnerability
Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...
CVE-2024-41270
CVE-2024-41270 affects Gorush (RunHTTPServer) in v1.18.4. The issue arises from using a deprecated TLS version, enabling an attacker to intercept and manipulate data. The connected sources (Red Hat, OSV, GHSA, Veracode, NVD, and related catalogs) consistently describe the same root cause and impa...
Siemens SIPROTEC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
LibreOffice Improper Certificate Validation Vulnerability (Jul 2024) - Windows
LibreOffice is prone to an improper certificate validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
CVE-2024-30119
HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security Header. This could allow an attacker to intercept or manipulate data during redirection...
CVE-2024-30119
CVE-2024-30119 affects HCL DRYiCE Optibot Reset Station due to a missing Strict Transport Security (HSTS) header. The underlying issue allows potential interception or manipulation of data during redirection. CVSSv3.1/3.1 metrics indicate a base score of 3.7 (LOW) with Network attack vector, high att...
HCL Technologies DRYiCE Optibot Reset Station Security Vulnerability
HCL Technologies DRYiCE Optibot Reset Station is an application from HCL Technologies, USA. A security vulnerability exists in HCL Technologies DRYiCE Optibot Reset Station that stems from the lack of a Strict Transport Security header. An attacker exploiting this vulnerability could intercept or...
CVE-2024-2462
Allow attackers to intercept or falsify data exchanges between the client and the server...