119 matches found
CVE-2023-50310
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
Bitdefender Total Security 信任管理问题漏洞
Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...
N-able Ecosystem Agent 安全漏洞
N-able Ecosystem Agent is an agent system from N-able Canada. A security vulnerability exists in N-able Ecosystem Agent that stems from not properly validating SSL/TLS certificates, which could allow a malicious actor to perform man-in-the-middle operations and intercept traffic between the agent...
PT-2024-36335 · N Able · Ecosystem Agent
Name of the Vulnerable Software and Affected Versions: Ecosystem Agent versions 4.0 through 4.1.5.2597 Ecosystem Agent versions 5.0 through 5.1.4.2473 Description: The issue is related to the improper validation of SSL/TLS certificates. This could allow a malicious actor to perform a...
http-tiny: perl: insecure TLS cert default
A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
CVE-2024-36788
Netgear WNR614 JNR1010V2 N300-V1.1.0.541.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices...
PT-2024-23560 · Unknown · Ros2 Iron Irwini
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions 2 Description: An issue has been discovered where the system transmits messages in plaintext, exposing sensitive information and making it vulnerable to man-in-the-middle MitM attacks. This allows attackers to...
PT-2023-7965 · Unknown · Rtu500 Scripting Interface
Name of the Vulnerable Software and Affected Versions: RTU500 Scripting interface affected versions not specified Description: A vulnerability exists in the RTU500 Scripting interface component. When a client connects to a server using TLS, the server presents a certificate that links a public ke...
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...
DEBIAN-CVE-2023-3347
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
PT-2023-23270 · Unknown · Piigab M-Bus
Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the transmission of credentials in plaintext format. This means that when credentials are sent over the network, they are not encrypted, potentially allowing...
CVE-2023-27396
FINS Factory Interface Network Service is a message communication protocol, which is designed to be used in closed FA Factory Automation networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
PT-2023-19291 · Unknown · Skybridge Mb-A200 +1
Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A200 versions 01.00.05 and earlier SkyBridge BASIC MB-A130 versions 1.4.1 and earlier Description: The issue is related to an improper following of a certificate's chain of trust, which may allow a remote unauthenticated attacker...
CVE-2022-32906
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...
SUSE CVE-2022-24986
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...
CVE-2022-3913
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...
Rapid7 Nexpose 信任管理问题漏洞
Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can utilize scanning results to deeply probe the network. The software supports scanning of configuration environments for errors, vulnerabilities, malware, and more. A security vulnerability exists in Rapid7...
PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App
Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1 Description: The issue concerns Insecure App Transport Security ATS Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...
CVE-2023-22863
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109...
CVE-2022-41243
Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...