Amazon AWS Glue Database Password Disclosure
SEC Consult Vulnerability Lab Security Advisory. title: Database Passwords in Server Response; product: Amazon AWS Glue; vulnerable version: until 2024-02-23; fixed version: as of 2024-02-23; CVE number: -; impact: medium; homepage:...
A vulnerability in the TLS and SSL protocol implementation of the Apple Music app for the Android operating system allows an attacker to intercept the user's session.
The vulnerability in the TLS and SSL protocols as implemented by Apple Music for the Android operating system is related to improper session management. Exploiting this vulnerability can allow a malicious actor to intercept a user's session...
CVE-2024-30407
The CVE-2024-30407 entry details a vulnerability in Juniper Networks JCNR and containerized Routing Protocol Daemon (cRPD) caused by hard-coded cryptographic keys and SSH host keys in containers, enabling man-in-the-middle attacks and potentially complete container compromise. Affected versions: ...
CVE-2024-30189
A vulnerability has been identified in SCALANCE W721-1 RJ45 6GK5721-1FC00-0AA0 All versions, SCALANCE W721-1 RJ45 6GK5721-1FC00-0AB0 All versions, SCALANCE W722-1 RJ45 6GK5722-1FC00-0AA0 All versions, SCALANCE W722-1 RJ45 6GK5722-1FC00-0AB0 All versions, SCALANCE W722-1 RJ45 6GK5722-1FC00-0AC0 Al...
CVE-2024-30189
CVE-2024-30189 (SCALANCE W700/W721/W722/W734/W738/W748/W761/W774/W778/W786-W788 family) describes a vulnerability in the IEEE 802.11 process where frames are leaked from the Wi‑Fi queue to change a victim’s security context. This allows a physically proximate attacker to intercept target-destined...
CVE-2024-30662
CVE-2024-30662 is rejected/not used and does not represent an active vulnerability entry.
PT-2024-23560 · Unknown · Ros2 Iron Irwini
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions 2. Description: An issue has been discovered where the system transmits messages in plaintext, exposing sensitive information and making it vulnerable to man-in-the-middle (MitM) attacks. This allows attackers to...
CVE-2024-28275
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.163090516 was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests...
Puwell Cloud Tech 360Eyes Pro Security Vulnerability
Puwell Cloud Tech 360Eyes Pro is a home-oriented surveillance camera mobile platform application from Puwell Cloud Tech. A security vulnerability exists in the Puwell Cloud Tech 360Eyes Pro v3.9.5.16 3090516 version, which stems from a vulnerability that allows an attacker to intercept and access...
CVE-2024-28275
CVE-2024-28275 affects Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16. The issue is that the product transmits sensitive information in cleartext, enabling potential interception of credentials and password change requests. Exploitation status is not detailed in the provided documents. Remediati...
A vulnerability in Apache Pulsar, a cloud-based messaging and streaming platform, related to authentication flaws, allows attackers to intercept and modify data in Pulsar streams.
The vulnerability in Apache Pulsar, a cloud-based messaging and streaming platform, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to intercept and modify data in Pulsar streams remotely...
XZ Utils Backdoored, A Supply Chain Nightmare
Summary: Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data...
Exploit for Embedded Malicious Code in Tukaani Xz
Description: Malicious code was discovered in the upstream tarb...
Elementor Website Builder < 3.12.2 - Admin+ SQLi
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp...
CVE-2023-50311
CVE-2023-50311 affects IBM CICS Transaction Gateway for Multiplatforms (Desktop Edition) versions 9.2 and 9.3. The Red Hat/IBM bulletin and IBM security pages describe an information-disclosure flaw where sensitive path information could be exposed via debugging or error messages, reflecting a we...
CVE-2023-50311 IBM CICS Transaction Gateway for Multiplatforms information disclosure
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 could disclose sensitive path information to an attacker through debugging or error messages...