PT-2022-8710 · Ge · Ge Reason Rt430 +2

Name of the Vulnerable Software and Affected Versions: GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06 Description: The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could...

Cross site scripting

sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in...

CVE-2022-24762

CVE-2022-24762 affects sysend.js, a library for inter-page messaging in the same browser. The vulnerability arises from cross-origin communication where messages may be intercepted, leaking information. The impact focuses on confidentiality (high severity per CVSS 3.1/3.1 metrics) and is constrai...

GHSA-4VVG-X86P-MVQC Leaking of user information on Cross-Domain communication in sysend

Impact Users that use Cross-Origin communication and send sensitive information make it possible for this data to be intercepted. This is not a big impact because it happens only on the same browser. Patches It has been patched in version 1.10.0 Workarounds The only workaround is to not send...

sysend.js 访问控制错误漏洞

sysend.js is a small library by the Polish personal developer Jakub T. Jankiewicz. It is used for web application synchronization. An access control error vulnerability exists in sysend.js, which stems from the fact that users using cross-domain communication may have their communication...

PT-2022-16863

Name of the Vulnerable Software and Affected Versions sysend.js versions prior to 1.10.0 Description The issue affects users who use cross-origin communication, potentially allowing their communications to be intercepted. However, the impact is limited because the communication occurs within the...

Design/Logic Flaw

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. The ASP.NETSessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels...

CVE-2022-26157

CVE-2022-26157 affects Cherwell Service Management (CSM) 10.2.3. The issue is that the ASP.NET_Sessionid cookie is not protected with the Secure flag, allowing potential interception if traffic is not encrypted. The available documents consistently describe: the vulnerable component is the ASP.NE...

CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...

CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...

UBUNTU-CVE-2022-24986

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands...

UPS VDP: Admin Authentication Bypass Lead to Admin Account Takeover

Hello Team I found that i can bypass the login page of the Admin account by intercepting the respone of the login request of connectnb.ups.com subdomain and change status from false to true Steps To Reproduce: 1. Open https://connectnb.ups.com/Layout/login 2. Enter Admin as a Username and 1111 as...

Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS

Overview Visual Voice Mail VVM services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM data. Description VVM is specified by Open Mobile Terminal Platform-OMPT and is implemented with SMS and IMAP...

PreMid 访问控制错误漏洞

PreMid is a simple, configurable utility from the German company PreMid. PreMiD version 2.2.0 contains a security vulnerability that could be exploited by an attacker to receive events from a socket and send them to a socket, thereby interfering with the victim's "Now Playing" state on Discord...

The vulnerability of the CGI program of the Zyxel NBG6604 switch, related to incorrect session duration, allows attackers to gain access to the device.

The vulnerability of the CGI program of the Zyxel NBG6604 switch is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain access to the device by intercepting the authentication token...

Improper Access Control in salesagility/suitecrm

Description In SuiteCRM v7.12.4, affecting Users Module, any user with the User Type as Regular User could modify other users profiles via the update profile section. The prerequisite of this attack is by knowing the user record ID and username User Name respectively. The user records ID can be...

CVE-2022-0162

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perfo...

Tp-link TL-WR841N 安全漏洞

The Tp-link TL-WR841N is a wireless router from China P&L Tp-link. The Tp-link TL-WR841N is vulnerable to a trust management issue, which can be exploited by a remote attacker to intercept credentials and subsequently perform management operations on an affected device via the web-based managemen...

Rocky Linux 8 : thunderbird (RLSA-2021:3838)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3838 advisory. - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted...

EcoStruxure Geo SCADA Expert 信任管理问题漏洞

EcoStruxure Geo SCADA Expert is an integrated, scalable, and reliable surveillance and data acquisition SCADA software A trust management issue vulnerability exists in EcoStruxure Geo SCADA Expert, which stems from a possible man-in-the-middle attack when communication between a client and the Ge...