Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability
Cisco Adaptive Security Device Manager (ASDM) is a simple, GUI-based firewall device management application. A remote code execution vulnerability exists in Cisco Adaptive Security Device Manager (ASDM) version 9.16.1 and earlier. The vulnerability stems from a lack of proper signature verification o...
FortiMail - Unauthenticated encryption in IBE leads to email plaintext recovery
A missing cryptographic step in FortiMail IBE may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible...
Philips Vue PACS Security Vulnerability
Philips Vue PACS is an image management solution from Philips Europe. Philips Vue PACS suffers from a security vulnerability that arises from the software transmitting sensitive or security-critical data in clear text over a communication channel that can be sniffed by unauthorized actors...
Virus.Win32.Shodi.e Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Insecure Transit Description: The virus listens on TCP port 7352...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm, an American company. A security vulnerability exists in a number of Qualcomm products that stems from a weak configuration of the WLAN, causing unencrypted messages to be forwarded from one client to another. An attacker could exploit the...
Zenly: Friend Request Flow Exposes User Data
Summary: When submitting a friend request to a user, Zenly will allow access to their phone number regardless of whether the friend request is accepted or not. To obtain this information, a malicious actor only needs to know their username. Steps To Reproduce: To reproduce this issue, an...
The vulnerability of the \hms\admin\appointment-history.php component, a web application for managing hospitals within the PHPGurukul Hospital Management System, allows an attacker to intercept cookie files.
The vulnerability of the \hms\admin\appointment-history.php web application, a hospital management system for PHPGurukul, is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to intercept cookie files...
CVE-2021-21571
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...
MGASA-2021-0272 Updated guacd packages fix security vulnerabilities
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain...
The vulnerability of the PPPoE configuration process of D-Link’s router software D-Link DIR-2640-US allows a hacker to alter routing information, intercept DNS requests, and perform phishing attacks.
The vulnerability of the PPPoE configuration process of D-Link DIR-2640-US router software lies in the presence of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to alter routing information, intercept DNS requests, and carry out phishing attacks from a...
Input validation
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers...
CVE-2021-1566
CVE-2021-1566 affects Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) due to improper TLS certificate validation in the AMP for Endpoints integration (AsyncOS). A remote, unauthenticated attacker could perform a man-in-the-middle attack to intercept traffic between the device...
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers...
Cisco Advanced Malware Protection Trust Management Vulnerability
Cisco Advanced Malware Protection (AMP) for Endpoints for Windows is a Windows-based endpoint security solution from Cisco. The product mainly features advanced threat prevention, monitoring and response. Cisco Advanced Malware Protection has a security vulnerability that allows an unauthenticated,...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster (CVE-2020-8554). Vulnerability Details: CVEID: CVE-2020-8554. Description: Kubernetes could allow a remote authenticate...
CVE-2021-22325
There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission...
Information disclosure
There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission...
CVE-2021-22325
Technical details (affected product/component, root cause, exact impact, and fixes) are not publicly available in the provided documents. Monitor for updates.