
317 matches found

Cvelist
added 2024/02/15 8:27 a.m. · 32 views

CVE-2023-4537 Protocol Downgrade in Comarch ERP XL

The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication that is vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...

CVSS 7.4 · AI score 7.8 · EPSS 0.00611
Exploits 0 · References 2
CNNVD
added 2024/02/15 12:0 a.m. · 4 views

Comarch ERP XL Security Vulnerability

Comarch ERP XL is enterprise resource planning (ERP) software from Comarch, Poland. A security vulnerability exists in Comarch ERP XL versions 2020.2.2 through 2023.2, which stems from susceptibility to server-side MS SQL protocol downgrade requests and may result in unencrypted communications th...

CVSS 7.4 · AI score 7.4 · EPSS 0.00611
Exploits 0 · References 3
OSV
added 2024/02/13 3:15 a.m. · 1 views

CVE-2024-25642

Due to improper validation of certificates in SAP Cloud Connector version 2.0, an attacker can impersonate the genuine servers to interact with SCC, breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the...

CVSS 7.4 · AI score 5.8 · EPSS 0.00544
Exploits 1 · References 3
CNNVD
added 2024/02/13 12:0 a.m. · 5 views

SAP Cloud Connector Trust Management Issue Vulnerability

SAP Cloud Connector is a tool from SAP Germany for establishing a secure connection between local systems and SAP Cloud Platform. A trust management issue vulnerability exists in SAP Cloud Connector version 2.0, which stems from incorrect certificate validation, and can be exploited by an attacke...

CVSS 7.4 · AI score 6.6 · EPSS 0.00544
Exploits 1 · References 6
CNVD
added 2023/12/13 12:0 a.m. · 23 views

Siemens SINEC INS Improper Certificate Validation Vulnerability

SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from an Improper Certificate Validation...

CVSS 9.8 · AI score 6.9 · EPSS 0.00383
Exploits 0 · References 1
CNNVD
added 2023/11/14 12:0 a.m. · 3 views

ELECOM WRC-X3000GS2-W Security Vulnerability

The ELECOM WRC-X3000GS2-W is a wireless router from ELECOM. A security vulnerability exists in the ELECOM WRC-X3000GS2-W that originates from the possibility that an attacker may be able to guess the encryption key used for wireless LAN communication and intercept the communication...

CVSS 6.5 · AI score 6.8 · EPSS 0.00496
Exploits 0 · References 6
RedHat Linux
added 2023/11/07 8:17 a.m. · 2 views

http-tiny: perl: insecure TLS cert default

A vulnerability was found in HTTP::Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

CVSS 8.1 · AI score 6.9 · EPSS 0.01742
Exploits 0 · References 4
NVD
added 2023/09/27 3:19 p.m. · 24 views

CVE-2023-44122

The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app, in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

CVSS 7.8 · AI score 6.6 · EPSS 0.00098
Exploits 0 · References 1
Vulnrichment
added 2023/09/27 1:42 p.m. · 10 views

CVE-2023-44122 LockScreenSettings - Theft of arbitrary files with system privilege

The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app, in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

CVSS 6.1 · AI score 7 · EPSS 0.00098
Exploits 0 · References 1
The Hacker News
added 2023/07/24 7:24 a.m. · 50 views

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say are the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching...

AI score 6.7
Exploits 0
CNVD
added 2023/06/30 12:0 a.m. · 9 views

Dell VxRail Trust Management Issues Vulnerabilities

Dell VxRail is Dell's single HCI platform for every VMware workload and use case, including VDI, compute-intensive applications, and for hosting legacy and modern applications on a true hybrid cloud infrastructure. A trust management issue vulnerability exists in Dell VxRail 7.0.450 and prior...

CVSS 3.3 · AI score 6.6 · EPSS 0.0019
Exploits 0 · References 1
NVD
added 2023/06/23 8:15 a.m. · 14 views

CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view o...

CVSS 3.3 · AI score 3.6 · EPSS 0.0019
Exploits 0 · References 1
OSV
added 2023/06/23 8:15 a.m. · 2 views

CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view o...

CVSS 3.3 · AI score 5.8
Exploits 0 · References 1
ATTACKERKB
added 2023/06/19 3:15 p.m. · 6 views

CVE-2023-31410

A remote unprivileged attacker can intercept the communication, e.g. via Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...

CVSS 9.8 · AI score 7.2 · EPSS 0.00302
Exploits 0 · References 4
Vulnrichment
added 2023/04/11 9:3 a.m. · 8 views

CVE-2023-29054

A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...

CVSS 6.7 · AI score 6.8 · EPSS 0.00256
Exploits 0 · References 1
Cvelist
added 2023/03/17 5:7 a.m. · 16 views

CVE-2021-21548

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerabilit...

CVSS 7.4 · AI score 7.5 · EPSS 0.00292
Exploits 0 · References 1
Prion
added 2023/02/27 8:15 p.m. · 16 views

Design/Logic Flaw

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...

CVSS 2.1 · AI score 4.9 · EPSS 0.00353
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2023/02/17 7:29 a.m. · 20 views

Improper Certificate Validation

pyloadng is vulnerable to Improper Certificate Validation. The vulnerability exists in httprequest.py due to improper SSL certificate validation which allows an attacker to intercept data over HTTPS connections...

CVSS 7.4 · AI score 7 · EPSS 0.00526
Exploits 1 · References 5 · Affected Software 1
Veracode
added 2023/02/14 5:48 a.m. · 18 views

Privilege Escalation

cockpit-hq is vulnerable to Privilege Escalation. The vulnerability exists in the save function of Users.php, allowing an attacker to escalate a user role by intercepting the request and modifying the POST data...

CVSS 8.8 · AI score 8.3 · EPSS 0.00344
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2023/02/01 12:0 a.m. · 2 views

PT-2023-18851 · Selfwealth · Selfwealth iOS Mobile App

Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1. Description: The issue concerns Insecure App Transport Security (ATS) Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...

CVSS 7.5 · AI score 7.2 · EPSS 0.00593
Exploits 0 · References 4