58 matches found
EUVD-2017-16537
Malware in sbrugna...
EUVD-2020-20163
Malware in sbrugna...
EUVD-2021-26409
Malware in sbrugna...
CVE-2019-10997
An issue was discovered on Phoenix Contact AXC F 2152 No.2404267 before 2019.0 LTS and AXC F 2152 STARTERKIT No.1046568 before 2019.0 LTS devices. Protocol Fuzzing on PC WORX Engineer by a man in the middle attacker stops the PLC service. The device must be rebooted, or the PLC service must be...
Linux Distros Unpatched Vulnerability : CVE-2019-6109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ...
Linux Distros Unpatched Vulnerability : CVE-2019-6111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the...
FreeBSD : PostgreSQL -- libpq retains an error message from man-in-the-middle (a61ef21b-a29e-11ef-af48-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a61ef21b-a29e-11ef-af48-6cc21735f730 advisory. PostgreSQL project reports: Client use of server error message in PostgreSQL allows a server not truste...
CVE-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
Authentication flaw
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from...
CVE-2022-22386
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. I...
EulerOS Virtualization 3.0.6.0 : rsync (EulerOS-SA-2023-2204)
According to the versions of the rsync packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories...
F5 Networks BIG-IP : OpenSSH vulnerability (K12252011)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K12252011 advisory. An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicio...
Amazon Linux 2022 : rsync, rsync-daemon (ALAS2022-2022-158)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-158 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large numbe...
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
Ubuntu 18.04 LTS / 20.04 LTS : PostgreSQL vulnerabilities (USN-5145-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5145-1 advisory. Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly u...
CVE-2021-23222
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
PHP 7.3.x < 7.3.29 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...
Ubuntu 18.04 LTS / 20.04 LTS : BlueZ vulnerabilities (USN-4989-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4989-1 advisory. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to...
CVE-2017-10388
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...