Lucene search
3270 matches found

HackRead
added 2020/08/12 3:51 p.m. · 21 views

23% of Tor browser relays found to be stealing Bitcoin

By Sudais Asif The threat actor was able to see the user's transmitted data on the Tor browser and tamper with it for their own ill-motives. This is a post from HackRead.com Read the original post: 23% of Tor browser relays found to be stealing Bitcoin...

1.9 AI score
Exploits 0

Positive Technologies
added 2020/08/12 12:0 a.m. · 5 views

PT-2020-20366 · Google · Google Play Core Library

Name of the Vulnerable Software and Affected Versions: Google Play Core Library versions prior to 1.7.2 Description: A local, arbitrary code execution issue exists in the SplitCompat.install endpoint in Android's Play Core Library. This allows a malicious attacker to create an apk that targets a...

8.8 CVSS · 8.9 AI score · 0.01486 EPSS
Exploits 1 · References 8

HackRead
added 2020/08/08 4:10 p.m. · 24 views

Satellite Internet connections can easily be intercepted by hackers

By Zara Khan The author of the research identified that hackers can target a Satellite with merely a $300 device. This is a post from HackRead.com Read the original post: Satellite Internet connections can easily be intercepted by hackers...

2.7 AI score
Exploits 0

ThreatPost
added 2020/08/06 7:49 p.m. · 51 views

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. And all they need is $300 worth of off-the-shelf equipment to pull it off. That’s the word from James Pavur, an academi...

6.7 AI score
Exploits 0 · References 6

Apple
added 2020/07/27 8:18 a.m. · 48 views

About the security content of iOS 12.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

9.8 CVSS · 0.7 AI score · 0.418 EPSS
Exploits 10 · Affected Software 1

Veracode
added 2020/07/22 3:25 a.m. · 11 views

Information Disclosure

github.com/pritunl/pritunl-client-electron is vulnerable to information disclosure. The client does not verify signature using HMAC SHA-512, allowing a man-in-the-middle attacker to intercept and modify all the traffic through an attacker's VPN to reveal the confidential information...

7.5 CVSS · 6.5 AI score · 0.00148 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2020/07/21 12:0 a.m. · 2 views

IBM Planning Analytics Licensing Issues Vulnerabilities

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...

5.9 CVSS · 6.8 AI score · 0.0029 EPSS
Exploits 0 · References 1

Hacker One
added 2020/07/20 8:28 a.m. · 44 views

Zomato: Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter

Hi Team I have found an issue in support rider amount calculation at the time of checkout where the amount is tamperable by negative fraction of rupees which makes the total amount decreased by maximum of 1rs. POC - 1-Goto - zomato.com 2 - Add anything to your cart 3- At the checkout page , Add...

0.4 AI score
Exploits 0

NVD
added 2020/07/17 7:15 p.m. · 13 views

CVE-2020-15813

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...

8.1 CVSS · 0.00192 EPSS
Exploits 0 · References 1

Veracode
added 2020/07/17 4:41 a.m. · 32 views

Privilege Escalation

An attacker is able to intercept certain requests to the Kubelet and send a redirect response that may be followed by a client using the credentials from the original request. This can lead to compromise of other nodes...

6.8 CVSS · 6.7 AI score · 0.51201 EPSS
Exploits 3 · References 6 · Affected Software 77

Veracode
added 2020/07/15 7:25 a.m. · 30 views

Man-in-the-Middle (MitM)

dogtag-pki is vulnerable to man-in-the-middle attack. The certificate validation is disabled by default and is not configurable, allowing an attacker to perform a man-in-the-middle attack to intercept and modify network traffic...

6.8 CVSS · 4.1 AI score · 0.00186 EPSS
Exploits 0 · References 3 · Affected Software 1

Prion
added 2020/07/14 2:15 p.m. · 21 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation incl. SIPLUS variants All versions, SIMATIC HMI Basic Panels 2nd Generation incl. SIPLUS variants All versions, SIMATIC HMI Comfort Panels incl. SIPLUS variants All versions, SIMATIC HMI KTP700F Mobile Arctic All...

3.3 CVSS · 6.3 AI score · 0.00033 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/07/14 12:0 a.m. · 5 views

PT-2021-9173 · Openshift Container Platform · Kibana

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform's distribution of Kibana affected versions not specified Description: A flaw in OpenShift Container Platform's distribution of Kibana allows it to be opened in an iframe, enabling an attacker to intercept and...

9.8 CVSS · 7.5 AI score · 0.9295 EPSS
Exploits 37 · References 168

OSV
added 2020/07/09 2:15 p.m. · 0 views

DEBIAN-CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1 CVSS · 7.7 AI score · 0.00091 EPSS
Exploits 1 · References 1

OSV
added 2020/07/09 2:15 p.m. · 0 views

UBUNTU-CVE-2020-7692

PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized...

9.1 CVSS · 7.2 AI score · 0.00091 EPSS
Exploits 1 · References 7

BDU FSTEC
added 2020/07/03 12:0 a.m. · 1 views

The vulnerability of the Microsoft Visual Studio Code Live Share Extension, related to the lack of data protection for service data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Microsoft Visual Studio Code Live Share Extension relates to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by intercepting tokens from the client to...

5.9 CVSS · 6.8 AI score · 0.03617 EPSS
Exploits 0 · References 2

The Hacker News
added 2020/07/02 9:59 a.m. · 223 views

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. The reported flaws could potentially let bad actors achieve full control ove...

6.7 CVSS · 1.1 AI score · 0.00107 EPSS
Exploits 0

CNVD
added 2020/07/02 12:0 a.m. · 7 views

F5 NGINX Controller Trust Management Issues Vulnerability (CNVD-2021-18398)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 1.0.1, 2.0.0 through 2.9.0, and 3.0.0 through 3.5.0...

5.8 CVSS · 6.7 AI score · 0.00117 EPSS
Exploits 0 · References 1

OSV
added 2020/07/01 3:15 p.m. · 1 views

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

7.8 CVSS · 7.2 AI score
Exploits 0 · References 1

NVD
added 2020/07/01 3:15 p.m. · 16 views

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

7.8 CVSS · 0.00038 EPSS
Exploits 0 · References 1