Hitachi Energy UNEM/ECST

SUMMARY Hitachi Energy is aware of a vulnerability that affects the UNEM/ECST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about the...

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that originates from a vulnerability that allows an attacker to intercept or forge data exchanges between a client and a server...

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...

CVE-2022-32509

Technical details for CVE-2022-32509 are not publicly available in the provided documents. No specific affected versions, root cause, impact, or fixes are described here; monitor official advisories for updates.

CVE-2022-32509

An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...

PT-2024-11573 · Nuki · Nuki Bridge V2 +2

Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock versions 3.0 through 3.3.5 Nuki Bridge v1 versions 1.0 through 1.22.0 Nuki Bridge v2 versions 2.0 through 2.13.2 Description: An issue was discovered on certain Nuki Home Solutions devices, where lack of certificate validation...

Puwell Cloud Tech 360Eyes Pro 安全漏洞

Puwell Cloud Tech 360Eyes Pro is a home-oriented surveillance camera mobile platform application from Puwell Cloud Tech. A security vulnerability exists in the Puwell Cloud Tech 360Eyes Pro v3.9.5.16 3090516 version, which stems from a vulnerability that allows an attacker to intercept and access...

XZ Utils Backdoored, A Supply Chain Nightmare

Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...

Exploit for Embedded Malicious Code in Tukaani Xz

Description Malicious code was discovered in the upstream tarb...

SUSE CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

DEBIAN-CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

UBUNTU-CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

CVE-2024-3094 Xz: malicious code in distributed source

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

BIT-MARIADB-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

CVE-2023-4537

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVE-2023-4537

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

Design/Logic Flaw

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVE-2023-4537

CVE-2023-4537 affects Comarch ERP XL client (ERP XL: 2020.2.2–2023.2). The issue is a server‑side MS SQL protocol downgrade that can lead to unencrypted communication vulnerable to data interception and modification. The available documents confirm the affected software and the root cause (downgr...

CVE-2023-4537 Protocol Downgrade in Comarch ERP XL

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...