CVE-2022-23509 Weave Gitops Run vulnerable to insecure communication
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps...
WhatsApp Launches a Proxy Tool to Fight Internet Censorship
Amid internet shutdowns in Iran, the encrypted messaging app is introducing proxy connections that can help people get online...
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to s...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2023-1036)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged...
CVE-2022-45423
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited)...
Design/Logic Flaw
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited)...
noise security vulnerability
noise is a Flynn open source Go package that implements the noise protocol framework. A security vulnerability exists in noise, which stems from a weakened cryptographic security of the Noise Protocol implementation after encrypting 2^64 messages, and a potential denial-of-service attack...
PT-2022-27506 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue concerns a vulnerability that allows an attacker to obtain encrypted MQTT credentials through an unauthenticated request by sending a crafted packet to the...
CVE-2022-45423
The CVE-2022-45423 entry concerns Dahua software products vulnerable to unauthenticated requests for MQTT credentials. Affected component is the vulnerable interface handling MQTT credential requests; the underlying issue enables an attacker to obtain encrypted MQTT credentials by sending a craft...
Dahua software products access control error vulnerability
Dahua software products are a family of applications from the Chinese company Dahua. A security vulnerability exists in several Dahua software products that stems from their unauthenticated MQTT credential requests that allow an attacker to obtain encrypted MQTT credentials which cannot be direct...
CVE-2022-44012
An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...
CVE-2022-44012
CVE-2022-44012 affects Simmeth Lieferantenmanager (pre-5.6). An issue in the /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId endpoint enables cross-site scripting, allowing an attacker to run JavaScript in a victim’s browser and potentially access the victim’s encrypted pas...
The vulnerability of the software access control mechanism for Mitsubishi Electric GX Works3 allows an intruder to execute arbitrary code.
The vulnerability of the software access control mechanism for Mitsubishi Electric’s GX Works3 programming platform is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by replacing the...
LastPass: Hackers Stole User Data and Encrypted Password Vaults
By Deeba Ahmed. It turns out that hackers stole much more than just the source code from LastPass. This is a post from HackRead.com. Read the original post: LastPass: Hackers Stole User Data and Encrypted Password Vaults...
LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen
The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted...
DEBIAN-CVE-2022-1520
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A...