3270 matches found
CVE-2023-30729
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information...
Input validation
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information...
CVE-2023-30729
CVE-2023-30729 affects Samsung Email prior to version 6.1.82.0. The root cause is improper certificate validation, enabling a remote attacker to intercept network traffic and access sensitive information. Affected software: Samsung Email versions before 6.1.82.0. Remediation: update to version ...
CVE-2023-30729
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information...
PT-2023-22931 · Samsung · Samsung Email
Name of the Vulnerable Software and Affected Versions: Samsung Email versions prior to 6.1.82.0 Description: The issue allows a remote attacker to intercept network traffic, including sensitive information, due to improper certificate validation. Recommendations: For versions prior to 6.1.82.0,...
CVE-2022-22305
An improper certificate validation vulnerability (CWE-295) in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle th...
Improper Certificate Validation
apacheairflow is vulnerable to Improper Certificate Validation. The software does not properly validate SMTP certificates, which could allow an attacker to present a malicious certificate to the client which could be used to impersonate a legitimate mail server, allowing the attacker to steal mai...
CVE-2023-4420
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can...
The vulnerability of the SED software “DELO” stems from deficiencies in the authentication process, allowing a perpetrator to intercept the identifier and bypass the authentication mechanism.
The vulnerability of the SED software “DELO” is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to intercept the identifier and bypass the authentication mechanism...
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the...
FreeBSD : samba -- multiple vulnerabilities (441e1e1a-27a5-11ee-a156-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 441e1e1a-27a5-11ee-a156-080027f5fec9 advisory. - An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
PYSEC-2023-139
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
Code injection
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686 Sydent does not verify email server certificates
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686
Removed by vendor...
CVE-2023-38686 Sydent does not verify email server certificates
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686 Sydent does not verify email server certificates
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2023-38686
Sydent (Matrix Identity Server) is affected pre-2.5.6: when configured to send emails via TLS, it does not verify SMTP server certificates, enabling MITM interception of invitation and address-confirmation emails by an attacker with network access. Root cause: failure to verify TLS SMTP certifica...