3270 matches found
CVE-2022-32928
CVE-2022-32928 describes a logic issue in Apple systems that could allow a user in a privileged network position to intercept mail credentials. The vulnerability is fixed in iOS 16, macOS Ventura 13, and watchOS 9. Connected sources confirm the issue relates to Apple software components and the v...
Clickjacking
github.com/hashicorp/boundary is vulnerable to clickjacking. An attacker can redirect the user to malicious sites by intercepting login credentials, causing malicious actions on the site...
CVE-2022-36182
Hashicorp Boundary v0.8.0 is vulnerable to clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or causing users to perform malicious actions on the site...
Design/Logic Flaw
Hashicorp Boundary v0.8.0 is vulnerable to clickjacking, which allows for the interception of login credentials, redirection of users to malicious sites, or causing users to perform malicious actions on the site...
Authorization
Brocade Webtools in Brocade Fabric OS versions before v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights, or privileges, beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose...
Linux kernel security vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel has a security vulnerability that stems from a flaw discovered in the AMD nested virtualization SVM of KVM. A malicious L1 guest may intentionally not intercept the shutdown of a...
CVE-2022-40147
A vulnerability has been identified in Industrial Edge Management All versions V1.5.1. The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between...
Hashicorp Boundary security vulnerability
HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates identity-based secure user access to hosts and services across environments. A security vulnerability exists in versions of Hashicorp Boundary prior to 0.9.1, which can be exploited by an attacker to...
U.S. Dept Of Defense: Sensitive Data Exposure at https://█████████
Sensitive data exposure was discovered in an endpoint of a website, which contained AWS S3 credentials, PATH, IP, and PORTs. This could have allowed an attacker to gain access to sensitive information on the AWS account or perform arbitrary modifications on the AWS resources...
Bytebase allows low-privilege users to view admin projects
Overview: The "Bytebase" application does not restrict low-privilege users from accessing admin projects. Details: The "Bytebase" application does not restrict low-privilege users from accessing admin projects, so an unauthorized user can view the "projects" created by "Admin". The affected...
Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). Intercept the request made when saving the setting...
Apache Pulsar Java Client vulnerable to Improper Certificate Validation
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy makes each client vulnerable to a man-in-the-middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication...
CVE-2022-41243
Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server, which could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2022-40141
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server...
CVE-2022-40141
Trend Micro Apex One and Apex One as a Service are affected by CVE-2022-40141, an information-exposure vulnerability where intercepting and decoding certain traffic could reveal server-identifying attributes. Affected products: Trend Micro Apex One On Premise and Apex One as a Service. Root cause...
CVE-2022-38788
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and, after offline cracking, retrieve the PIN and LTK (long-term key)...
Code injection
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and, after offline cracking, retrieve the PIN and LTK (long-term key)...