Siemens SIMATIC Devices Channel Accessible by Non-Endpoint (CVE-2023-7008)

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. This plugin only works with Tenable.ot. Please visit...

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - July 2024 CPU

Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V24.0.0. Information about security vulnerabilities in these Java runtumes have been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...

CBOT Chatbot 安全漏洞

CBOT Chatbot is an AI-powered real-time chat solution from CBOT. A security vulnerability exists in CBOT Chatbot Core prior to v4.0.3.4, Panel prior to v4.0.3.7, which stems from a non-endpoint accessible channel allowing man-in-the-middle attacks...

CVE-2023-2310

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...

CVE-2023-2310

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...

Design/Logic Flaw

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...

CVE-2023-2310 Channel Accessible by Non-Endpoint

A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller RTAC could allow a remote attacker to perform a man-in-the-middle MiTM that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction...

CVE-2023-2310

CVE-2023-2310 affects Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC). Connected docs describe a Channel Accessible by Non-Endpoint vulnerability that could allow a remote attacker to perform a man-in-the-middle (MiTM) attack, potentially causing denial of service. ...

PT-2023-1072 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to a spoofing vulnerability in Microsoft Exchange Server, allowing remote attackers to conduct spoofing attacks by accessing the channel from a...

Aethon TUG Home Base Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Aethon owned by ST Engineering Equipment: TUG Home Base Server Vulnerabilities: Missing Authorization, Channel Accessible by Non-endpoint, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...

Rockwellautomation Micrologix Channel Accessible by Non-Endpoint

When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller Micro800: Al...

Rockwell Automation Micro800 and MicroLogix 1400

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Micro800, MicroLogix 1400 Vulnerability: Channel Accessible by Non-endpoint 2. RISK EVALUATION Successful exploitation of this vulnerability may result in denial-of-service conditions, which...

CVE-2020-25214

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...

CVE-2018-13298

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors...

CVE-2018-13298

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors...

CVE-2018-13298

Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors...