Meatmeet Pro App Security Vulnerability
Meatmeet Pro App is a meat product purchasing application from Meatmeet, Inc. A security vulnerability exists in Meatmeet Pro App version v1.1.2.0, which stems from allowing plaintext communication that could lead to traffic interception and complete account cracking...
EUVD-2024-3603
Malicious code in bioql PyPI...
EUVD-2025-5490
Malicious code in bioql PyPI...
DragonFly's tiny file download uses hard coded HTTP protocol
The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak integrity...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)
Summary: There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details: CVEID: CVE-2024-56128. DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...
CVE-2025-25728
CVE-2025-25728 involves Bosscomm IF740 firmware (versions 11001.7078 and v11001.0000) and System versions 6.25 and 6.00 where the device’s update API traffic is sent in plaintext, enabling MITM access to sensitive information. Related Red Hat advisories describe additional issues in the same prod...
CVE-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...
CVE-2024-56128
CVE-2024-56128 affects Apache Kafka SCRAM authentication. Root cause: SCRAM server nonce verification against the server’s first message was not performed per RFC 5802, enabling plaintext-snooping scenarios if SCRAM is used over non-TLS. Impact: exploitation requires access to plaintext SCRAM exc...
CVE-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the serv...
Omron SYSMAC Missing Authentication (CVE-2023-27396)
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
Design/Logic Flaw
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
CVE-2023-27396
CVE-2023-27396 affects Omron FINS protocol used in SYSMAC factory controllers. Issues: plaintext communication and no authentication allow interception, and arbitrary FINS messages can execute commands or reveal system info. Affected: SYSMAC CS-, CJ-, CP-, NJ-, NX1P-, NX102-series CPU Units (all ...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...
ksmbd Security Vulnerability
ksmbd is an open source kernel CIFS/SMB3 server created by Namjae Jeon for the Linux kernel. It is an implementation of the SMB/CIFS protocol in kernel space for sharing files and IPC services over a network. A security vulnerability exists in ksmbd server 3.4.2 and earlier versions, which result...
Backdoor.Win32.Delf.abb Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/2910c3bea6732d5ed81a7c44d4354136.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.abb Vulnerability: Insecure Transit Description: The malware listens on TCP port...