3272 matches found
Emerson Rosemount X-STREAM Gas Analyzer Security Vulnerability
The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. A security vulnerability...
Liferay Portal Information Disclosure Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal...
New Android malware TeaBot found stealing data, intercepting SMS
By Waqas. TeaBot malware is in the early stages of development, yet so far it has already targeted 60 banks all over Europe. This is a post from HackRead.com. Read the original post: New Android malware TeaBot found stealing data, intercepting SMS...
CVE-2020-36128
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token called X-Terminal-Token to access the marketplace. This allows the store to identify the terminal and make available the applications distributed by its...
U.S. General Services Administration: e-mail verification bypass through interception & modification of response status
Hi, During registration of account at https://tams.preprod.gsa.gov, e-mail verification code validation can be bypassed through intercepting & modifying the response status from "success":false to "success":true. Video F1284281 is for reference. Steps To Reproduce 1. Open User Registration Url -...
Man-in-the-Middle (MitM)
Ansible is vulnerable to man-in-the-middle attacks. The vulnerability exists because the Git module encourages the use of StrictHostKeyChecking=no with SSH, enabling attackers to intercept the traffic...
Sea Cormorant Technology hospital food ordering applet has a flawed logic vulnerability
Guangzhou Hai Cormorant Network Technology Co., Ltd, referred to as: Hai Cormorant Technology, was founded on May 19, 2014, focusing on the healthcare industry, the main business includes the development and operation of intelligent mobile service platforms for WeChat Service Number, Alipay Life...
DEBIAN-CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...
SUSE: Security Advisory (SUSE-SU-2021:0241-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-7308
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...
Design/Logic Flaw
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...
CVE-2020-7308 Transmission of data in clear text by McAfee ENS
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining...
mongodb-client-encryption vulnerable to Improper Certificate Validation
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
GHSA-RJMF-P882-645M mongodb-client-encryption vulnerable to Improper Certificate Validation
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...
GHSA-GFR2-QPXH-QJ9M Path Traversal in Ansible
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...
CVE-2021-27899
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...
VulnCheck KEV: CVE-2019-5591
Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...
Samsung Cloud Hijacking Vulnerability
Samsung Cloud is an application from the South Korean company Samsung. It is used to provide a function to save and view pictures. A security vulnerability exists in Samsung Cloud prior to version 4.7.0.3 that allows an attacker to intercept the provider when it is executed. No details of...
CURL-CVE-2021-22890 TLS 1.3 session ticket proxy host mix-up
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote serve...
Cisco Jabber for Windows: insufficient certificate verification allows a malicious actor to intercept network requests from the vulnerable software and provide maliciously created certificates
The vulnerability of the Cisco Jabber for Windows software platform is related to insufficient certificate verification. Exploiting this vulnerability allows a malicious actor to intercept network requests from the vulnerable software and provide maliciously created certificates...