3270 matches found
PT-2022-24567 · Nokia · Nokia Odu +1
Name of the Vulnerable Software and Affected Versions: Nokia FastMile 5G Receiver 5G14-B version 1.2104.00.0281 Description: An issue was discovered in the Bluetooth pairing mechanism of the Nokia ODU, which uses outdated pairing mechanisms. This allows an attacker to passively intercept a pairin...
Shopify: Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account
A vulnerability was discovered in the Shop App's Microsoft Outlook OAuth flow, where a malicious app could intercept the authorization code during authentication due to the use of deep links. This could allow an attacker to gain access to the victim's emails. The issue was mitigated by implementi...
Trend Micro Apex One Encryption Issue Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro. A security vulnerability exists in the Trend Micro Apex One 2021 On-prem SaaS version, which stems from the fact that if certain traffic data is intercepted and decoded, some information related to the server may be obtaine...
CVE-2022-22329
IBM Control Desk 7.6.1 is vulnerable because authorization tokens and session cookies lack the secure attribute, allowing cookie values to be captured if a user visits an http link or a link is planted on a site. The issue affects IBM Control Desk 7.6.x (notably 7.6.1). Mitigation documented by I...
CVE-2022-36173
FreshService macOS Agent 4.4.0 and FreshService Linux Agent 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service...
About the security content of iOS 16
About the security content of iOS 16 This document describes the security content of iOS 16. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...
Default credentials
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller IC protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
CVE-2022-30312
The Trend Controls IC protocol through 2022-05-06 allows Cleartext Transmission of Sensitive Information. According to FSCT-2022-0050, there is a Trend Controls Inter-Controller IC protocol cleartext transmission of credentials issue. The affected components are characterized as: Inter-Controller...
CVE-2022-23678
A vulnerability in the Aruba Virtual Intranet Access VIA client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access VIA client for Microsoft Windows...
CVE-2022-23678
The CVE-2022-23678 entry describes a vulnerability in the Aruba Virtual Intranet Access (VIA) client for Windows (versions 4.3.0 build 2208101 and below) where an attacker on a privileged network position could intercept sensitive information. Affected component: VIA Client for Windows; root caus...
PT-2022-16187 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Aruba Virtual Intranet Access VIA client for Microsoft Windows operating system versions 4.3.0 build 2208101 and below Description: A vulnerability in the Aruba Virtual Intranet Access VIA client for Microsoft Windows operating system client...
CVE-2022-0336
The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...
DEBIAN-CVE-2022-0336
The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...
KLA19260 XSS vulnerability in Apache Tomcat
A cross-site scripting (XSS) vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to perform a cross-site scripting attack. Original advisories: Apache Tomcat 8.5.x vulnerabilities. Related products: Apache-Tomcat. CVE list: CVE-2022-34305 (high). Solution: Update to the late...
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process, which allows attackers to infiltrate, replicate, modify, and/or intercept confidential data.
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to remotely infiltrate, replicate, modify, and/or intercept sensitive data...
RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check
0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex re...
CVE-2022-37001
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash...
CVE-2022-37001
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash...
Design/Logic Flaw
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash...
USN-5160-1: Midnight Commander vulnerability
It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server...