215 matches found
CVE-2022-32799
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...
CVE-2021-30722
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information...
CVE-2019-10926
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an...
CVE-2025-20157
A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smar...
BIT-RUBY-MIN-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
OpenShift Console Server Side Request Forgery vulnerability
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-6538 Openshift-console: openshift console: server-side request forgery
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-6538
A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such ...
CVE-2024-20395
Cisco Webex App contains a vulnerability in the media retrieval functionality that could allow an unauthenticated, adjacent attacker to access sensitive session information by intercepting insecurely transmitted requests for embedded media. The root cause is insecure transmission of requests to b...
CVE-2024-23277
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...
CVE-2024-23277
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...
CVE-2024-23277
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...
BIT-RUBY-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
Improper Input Validation
chromium is vulnerable to Improper Input Validation. The vulnerability is due to Insufficient data validation in Extensions. This flaw allowed attackers in a privileged network position to install malicious extensions through a specially crafted HTML page...
CVE-2024-0333
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
CVE-2024-0333
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
CVE-2023-42941
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets...
CVE-2023-42941
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets...