CVE-2024-22345
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...
CVE-2022-32509
An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2...
CVE-2024-30207
The CVE-2024-30207 entry describes vulnerabilities in Siemens SIMATIC RTLS Locating Manager components (multiple SKUs: 6GT2780-0DA00/0DA10/0DA20/0DA30 and 6GT2780-1EA10/1EA20/1EA30) where communications between client and server rely on symmetric cryptography with a hard-coded key. The underlying...
Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution
Discovery / credits: Malvuln, John Page aka hyp3rlinx (c) 2024. Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.AsyncRat. Vulnerability: Arbitrary Code Execution. Description: The malware...
IBM TXSeries for Multiplatforms security vulnerability
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 8.2 that...
Nuki Bridge security vulnerability
Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in v1.x versions of Nuki Bridge prior to v1.22.0 and v2.x versions prior to v2.13.2, and Nuki Keypad prior to v1.9.2, which stems from a lack of certificate validation for HTTP communications, allowing an...
CVE-2024-22345
CVE-2024-22345 affects IBM TXSeries for Multiplatforms 8.2. The vulnerability arises from transmitting or storing authentication credentials using an insecure method, allowing potential unauthorized interception or retrieval. Multiple sources (Red Hat, IBM Security Bulletin, PTSecurity, CVE listi...
CVE-2024-22345 IBM TXSeries for Multiplatforms information disclosure
IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 280192...
CVE-2022-32509
Technical details for CVE-2022-32509 are not publicly available in the provided documents. No specific affected versions, root cause, impact, or fixes are described here; monitor official advisories for updates.
PT-2024-11573 · Nuki · Nuki Bridge V2 +2
Name of the Vulnerable Software and Affected Versions: Nuki Smart Lock versions 3.0 through 3.3.5; Nuki Bridge v1 versions 1.0 through 1.22.0; Nuki Bridge v2 versions 2.0 through 2.13.2. Description: An issue was discovered on certain Nuki Home Solutions devices, where lack of certificate validation...
K000139012: BIG-IP Next Central Manager vulnerability CVE-2024-33612
Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. CVE-2024-33612...
CVE-2024-3661
CVE-2024-3661 – Summary: DHCP can inject routes via option 121 in the classless static route option, enabling an attacker on the same LAN to cause VPN traffic to leak onto the physical interface. This affects NetworkManager-based VPN setups where routes aren’t strictly bound to VPN interfaces. I...
CVE-2024-32973
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session...
CVE-2024-32973
Pluto (a Lua 5.4 superset) is affected in versions prior to 0.9.3. An attacker who can intercept network traffic can present a specially-crafted certificate to cause Pluto to trust the remote for a TLS session, degrading transport integrity in the HTTP library and socket.starttls. The issue is ad...
The vulnerability in the Hitachi Ops Center Analyzer data analysis software is caused by the absence of the “Secure” flag on HTTPS session cookies. This allows attackers to gain unauthorized access to protected information.
The vulnerability in the Hitachi Ops Center Analyzer data analysis and processing software is caused by the absence of the “Secure” flag on HTTPS session cookies. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected...
[SECURITY] Fedora 40 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
HackerOne: 2FA Bypass via Leaked Cookies
Vulnerability description not provided...
Advisory ROSA-SA-2024-2408
Software: xz 5.2.4 OS: ROSA Virtualization 2.1 packageevrstring: xz-5.2.4-1 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process...
The vulnerability in the ECDSA signature generation component of client software for various remote access protocols allows a hacker to intercept sessions.
The vulnerability in the ECDSA signature generation component of client software for various remote access protocols, such as PuTTY, is related to the possibility of recovering the secret key. Exploiting this vulnerability allows a malicious actor to intercept sessions by recovering the secret ke...