Lucene search
+L

57 matches found

BDU FSTEC
BDU FSTEC
added 2022/06/02 12:0 a.m.6 views

The vulnerability of the SCADA system “SKADA-NEV”, which involves transmitting critical information in plaintext, allows a perpetrator to carry out a “man-in-the-middle” attack.

The vulnerability of the SCADA system “SKADA-NEV” is related to the transmission of critical information in plaintext. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...

10CVSS5.5AI score
Exploits0Affected Software1
OSV
OSV
added 2022/04/11 8:15 p.m.5 views

CVE-2022-20081

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919...

5.9CVSS5.9AI score0.00529EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2022/04/05 7:0 a.m.6 views

ALPACA is an application layer protocol content confusion attack exploiting TLS servers implementing different protocols but using compatible certificates such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

...

7.4CVSS7.5AI score0.02037EPSS
Exploits0
CNNVD
CNNVD
added 2021/08/14 12:0 a.m.8 views

UCWeb 安全漏洞

UCWeb is a browser. A security vulnerability exists in UCWeb versions 12.12.3.1219 through 12.12.3.1226, which stems from the use of the plaintext HTTP protocol in the affected software versions. An attacker could use the vulnerability to conduct a man-in-the-middle attack to discover the URLs...

4.3CVSS5.2AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2021/05/14 5:15 p.m.2 views

CVE-2021-20564

IBM Cloud Pak for Security CP4S 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information usin...

5.9CVSS6.5AI score
Exploits0References2
CNNVD
CNNVD
added 2021/04/02 12:0 a.m.8 views

Cohesity DataPlatform 访问控制错误漏洞

Cohesity DataPlatform is a suite of platforms from Cohesity for managing ancillary data and applications. The platform is primarily used for data backup, instant recovery, and more. Cohesity DataPlatform An access control error vulnerability exists that allows an attacker to access a Cohesity...

5.9CVSS6.1AI score0.01015EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/19 12:0 a.m.9 views

TweetStream Trust Management Issue Vulnerability

Steve Agalloco TweetStream is an application from Steve Agallocoe Steve Agalloco, USA. Provides TweetStream provides simple Ruby access to Twitter's Streaming API. A vulnerability exists in TweetStream for trust management issues. The vulnerability stems from a failure to perform security checks ...

5.9CVSS6.2AI score0.00862EPSS
Exploits1References3
CNVD
CNVD
added 2020/12/22 12:0 a.m.4 views

IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2020-74622)

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...

5.9CVSS6.1AI score0.01192EPSS
Exploits0References1
OSV
OSV
added 2020/07/23 9:15 p.m.6 views

CVE-2020-7520

A CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Schneider Electric Software Update SESU, V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on...

4.7CVSS6AI score0.00931EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/04/25 7:43 a.m.4 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.06201EPSS
Exploits0References5
OSV
OSV
added 2019/02/19 5:29 p.m.3 views

CVE-2018-1996

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650...

5.3CVSS5.8AI score0.01142EPSS
Exploits0References3
OSV
OSV
added 2018/09/07 10:29 p.m.5 views

CVE-2017-17691

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack...

8.1CVSS5.8AI score0.01029EPSS
Exploits1References1
OSV
OSV
added 2018/08/14 12:0 a.m.2 views

UBUNTU-CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

8.1CVSS6.7AI score0.03105EPSS
Exploits0References4
OSV
OSV
added 2018/06/04 4:29 p.m.7 views

CVE-2016-10693

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacke...

8.1CVSS6.3AI score0.01752EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/11/27 6:4 p.m.6 views

OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612)

It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server...

5.3CVSS7.4AI score0.16181EPSS
Exploits2References4
myhack58
myhack58
added 2017/10/12 12:0 a.m.79 views

Important vulnerabilities early warning: the Windows DNS client in the broke multiple heap buffer overflow flaws vulnerabilities in bug-bug warning-the black bar safety net

Microsoft has in the 2017 year 10 months official fix for the vulnerability CVE-2017-11779, the vulnerability includes the Windows DNS client in the plurality of memory corruption vulnerabilities, running Windows 8/Server 2012 and an updated version ofOSthe computer will be affected by this...

9.6AI score0.33338EPSS
Exploits1
CNVD
CNVD
added 2017/07/07 12:0 a.m.4 views

NetApp AltaVault Man-in-the-Middle Attack Vulnerability

NetApp AltaVault is a cloud storage solution from NetApp. The solution features scalability, data encryption, and support for data backup and recovery. A security vulnerability exists in NetApp AltaVault 4.1 and earlier versions. An attacker could use this vulnerability to conduct a...

8.1CVSS6.8AI score0.00882EPSS
Exploits0References1
OSV
OSV
added 2017/06/08 8:29 p.m.6 views

CVE-2016-5648

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate...

5.3CVSS5.8AI score0.01173EPSS
Exploits1References4
CNVD
CNVD
added 2017/05/19 12:0 a.m.3 views

Life Before Us Yo app for iOS Authentication Vulnerability

Life Before Us Yo app for iOS is an iOS based social mobile application developed by Yo Inc. An authentication vulnerability exists in version 2.5.8 of the Life Before Us Yo app for iOS, which stems from the program failing to validate an X.509 certificate on the server side of an SSL server. The...

5.9CVSS6.8AI score0.00486EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/04/03 9:2 p.m.5 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.4AI score0.09254EPSS
Exploits0References4
Rows per page
Query Builder