3266 matches found

OSV
added 2024/09/04 7:54 p.m. | 17 views

CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...

CVSS 5.5 | AI score 5.7 | EPSS 0.00008
Exploits: 0 | References: 6
CVE
added 2024/09/04 7:54 p.m. | 150 views

CVE-2024-45005

CVE-2024-45005 affects the Linux kernel KVM on s390. The issue is a validity interception in the SIE path when gisa is disabled, caused by passing an uninitialized gisa origin to virt_to_phys() and then writing it into the gisa designation. The fix returns 0 in kvm_s390_get_gisa_desc() if origin ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/09/04 7:54 p.m. | 23 views

CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.usegisa=0" or by setting the related sysfs attribute to N echo...

AI score 6.6 | EPSS 0.00008
Exploits: 0 | References: 3
OSV
added 2024/09/04 5:15 p.m. | 1 view

CVE-2024-20497

A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerabilit...

CVSS 4.3 | AI score 5.8 | EPSS 0.002
Exploits: 0 | References: 1
CVE
added 2024/09/04 4:29 p.m. | 156 views

CVE-2024-20497

Cisco Expressway Edge (Expressway-E) is affected by an improper authorization vulnerability. An authenticated MRA user can masquerade as another user and potentially intercept calls or spoof caller IDs due to inadequate authorization checks for Mobile and Remote Access users. Exploitation require...

CVSS 4.3 | AI score 4.6 | EPSS 0.002
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2024/09/04 6:38 a.m. | 9 views

Improper Hostname Verification

io.kroxylicious, kroxylicious-runtime is vulnerable to Improper Hostname Verification. The vulnerability is due to Kroxylicious failing to properly verify the server's hostname during a TLS connection, which allows an attacker to intercept or manipulate communications...

CVSS 5.9 | AI score 6.5 | EPSS 0.00148
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2024/09/04 1:51 a.m. | 55 views

CVE-2024-39921

CVE-2024-39921 describes an information-disclosure vulnerability in IPCOM EX2 Series (V01L02NF0001–V01L06NF0401, V01L20NF0001–V01L20NF0401, V02L20NF0001–V02L21NF0301) and IPCOM VE2 Series (V01L04NF0001–V01L06NF0112). The issue is an observable timing discrepancy that can allow an attacker to decr...

CVSS 7.5 | AI score 6.7 | EPSS 0.00403
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2024/09/04 12:0 a.m. | 2 views

PT-2024-9564 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication (affected versions not specified). Description: An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore...

CVSS 8.3 | AI score 9.4 | EPSS 0.00354
Exploits: 0 | References: 13
Redos
added 2024/09/04 12:0 a.m. | 353 views

ROS-20240904-11

A vulnerability in the implementation of the PEAP (Protected Extensible Authentication Protocol) protocol of the Wi-Fi WPA Supplicant client is caused by flaws in the authorization procedure. Exploitation of the vulnerability...

CVSS 6.5 | AI score 7.1 | EPSS 0.0417
Exploits: 0
Tenable Nessus
added 2024/08/15 12:0 a.m. | 14 views

Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)

The version of Dorsett Controls InfoScan running on the remote host is prior to 1.38. It is, therefore, affected by multiple vulnerabilities: - Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. CVE-2024-392...

CVSS 7.5 | AI score 5.5 | EPSS 0.0059
Exploits: 0 | References: 5
Veracode
added 2024/08/13 5:36 a.m. | 13 views

Improper Validation Of Integrity Check Value

org.apache.sshd, sshd-common is vulnerable to Improper Validation Of Integrity Check Value. The vulnerability is due to the possibility of packet interception, where an attacker can intercept traffic between the client and server and drop certain packets from the stream, potentially downgrading ...

CVSS 5.9 | AI score 7.2 | EPSS 0.0064
Exploits: 2 | References: 6 | Affected Software: 2
Cvelist
added 2024/08/12 4:0 p.m. | 32 views

CVE-2024-41909 Apache MINA SSHD: integrity check bypass

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...

EPSS 0.0064
Exploits: 2 | References: 2
CVE
added 2024/08/12 4:0 p.m. | 133 views

CVE-2024-41909

CVE-2024-41909 references a Terrapin-like downgrade risk in SSH streams similar to CVE-2023-48795, where an attacker intercepting traffic could cause packet drops that lead to downgraded or disabled security features on both client and server ends. Technical details in the connected documents sho...

CVSS 5.9 | AI score 6.8 | EPSS 0.0064
Exploits: 2 | References: 3 | Affected Software: 1
CNNVD
added 2024/08/12 12:0 a.m. | 1 view

N-able Ecosystem Agent Security Vulnerability

N-able Ecosystem Agent is an agent system from N-able Canada. A security vulnerability exists in N-able Ecosystem Agent that stems from not properly validating SSL/TLS certificates, which could allow a malicious actor to perform man-in-the-middle operations and intercept traffic between the agent...

CVSS 3.8 | AI score 6.6 | EPSS 0.0011
Exploits: 0 | References: 4
NVD
added 2024/08/08 6:15 p.m. | 13 views

CVE-2024-42408

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure...

CVSS 6.9 | EPSS 0.0059
Exploits: 0 | References: 2
OSV
added 2024/08/08 6:15 p.m. | 1 view

CVE-2024-42408

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure...

CVSS 3.7 | AI score 5.8 | EPSS 0.0059
Exploits: 0 | References: 2
CVE
added 2024/08/08 5:27 p.m. | 48 views

CVE-2024-42408

The CVE-2024-42408 issue affects Dorsett Controls InfoScan (pre-1.38): the InfoScan client download page can be intercepted by a proxy, exposing locally stored filenames and potentially leading to information exposure. Root cause: path traversal in the download page handling allows leakage when a...

CVSS 6.9 | AI score 5.3 | EPSS 0.0059
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/08/08 5:27 p.m. | 20 views

CVE-2024-42408 Dorsett Controls InfoScan Path Traversal

The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure...

CVSS 6.9 | EPSS 0.0059
Exploits: 0 | References: 2
CVE
added 2024/08/08 7:54 a.m. | 52 views

CVE-2024-22069

CVE-2024-22069 affects ZTE ZXV10 XT802/ET301. The issue is a permission and access control vulnerability allowing a user with common permissions to log in to the terminal web interface and illegally change the administrator password by intercepting password-change requests. Reported as a network-...

CVSS 8.8 | AI score 7 | EPSS 0.00133
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2024/08/08 3:30 a.m. | 10 views

Data Interception And Manipulation

Gorush is vulnerable to Data Interception and Manipulation. The vulnerability is due to the use of a deprecated TLS version in the RunHTTPServer function within servernormal.go, which allows an attacker to intercept and manipulate data...

CVSS 9.1 | AI score 6.6 | EPSS 0.00114
Exploits: 0 | References: 4 | Affected Software: 1