CVE-2024-12174
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server...
CVE-2024-54147
The CVE-2024-54147 entry covers Altair GraphQL Client (desktop) prior to version 8.0.5, where the application does not validate HTTPS certificates. This weakness enables a man-in-the-middle on untrusted networks to intercept GraphQL request/response headers and bodies (including authorization tok...
Encrypted messaging service intercepted, 2.3 million messages read by law enforcement
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...
CVE-2024-47791 Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to a subset of the possible topics in the Ruijie MQTT broker and receive some of the messages being sent to and from devices...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems is related to improper session management. This vulnerability allows attackers to intercept user sessions and gain increased privileges.
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and increase their privileges...
CVE-2024-12123 Unauthorized Modification of Ticket Requester
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the...
PT-2024-17449 · Issuetrak · Issuetrak
Name of the Vulnerable Software and Affected Versions: Issuetrak version 17.1 Description: A hidden field manipulation issue was identified that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and modified by using a proxy...
Issuetrak security vulnerability
Issuetrak is an issue tracking software from Issuetrak, Inc. A security vulnerability exists in Issuetrak version 17.1, which stems from the presence of a hidden field manipulation vulnerability, whereby when an authenticated user submits a work order, the request may be intercepted and...
The vulnerability of the Brocade Fabric OS operating system, related to deficiencies in authentication procedures, allows a perpetrator to intercept service sessions.
The vulnerability of the Brocade Fabric OS operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to intercept service sessions remotely...
The vulnerability of Mitsubishi Electric’s GOT2000 and GOT SIMPLE graphic panel controllers lies in the predictability of random initial TCP session numbers. This allows attackers to intercept connections for data transmission and prevent the establishment of connections for data transfer.
The vulnerability of Mitsubishi Electric’s GOT2000 and GOT SIMPLE graphic control panels relates to the predictability of random initial TCP session numbers. Exploiting this vulnerability allows a remote attacker to intercept data transmissions and prevent the establishment of data connection...
The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, Hitachi Energy MicroSCADA X SYS600, allows an intruder to intercept an already established session.
The vulnerability of the software used in Hitachi Energy’s equipment monitoring and control system, MicroSCADA X SYS600, involves bypassing the authentication process. Exploiting this vulnerability allows a malicious actor to intercept an already established session...
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems relates to the interception of user sessions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands remotely...
perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability
A flaw was found in App::cpanminus cpanm through version 1.7047. The default configuration downloads Perl modules from CPAN using HTTP, which could allow an attacker to view or modify the content without the knowledge of the user. This issue could allow an attacker to execute malicious code if th...
CVE-2024-52316
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the...
USN-7108-1: AsyncSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
PT-2024-9168 · Nextcloud +1 · Nextcloud Mail +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.14.6, prior to 1.15.4, prior to 2.2.11, prior to 3.6.3, prior to 3.7.7, prior to 4.0.0...
The vulnerability of the authentication module through the OpenID Connect protocol in NGINX web servers, related to improper session management, allows attackers to gain full access to the application.
The vulnerability of the authentication module through the OpenID Connect protocol in NGINX web servers is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the application by intercepting sessions...
CVE-2024-49393
CVE-2024-49393 affects the email clients neomutt and mutt. The issue is that the To and Cc headers are not validated by cryptographic signing, allowing an interceptor to modify recipients and potentially compromise message confidentiality. Public documents confirm patched updates exist (e.g., Ma...