Lucene search
+L

446 matches found

Positive Technologies
Positive Technologies
added 2021/02/25 12:0 a.m.7 views

PT-2021-13886 · Mongodb · Mongodb-Client-Encryption

Name of the Vulnerable Software and Affected Versions: mongodb-client-encryption module version 1.2.0 Description: The issue arises from the mongodb-client-encryption module's failure to correctly validate the KMS server's certificate. This could allow an attacker with a privileged network positi...

6.8CVSS6.9AI score0.00204EPSS
Exploits0References10
NVD
NVD
added 2021/02/19 4:15 p.m.31 views

CVE-2021-22703

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...

7.5CVSS0.00573EPSS
Exploits0References1
NVD
NVD
added 2021/02/19 4:15 p.m.25 views

CVE-2021-22702

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor...

7.5CVSS0.00566EPSS
Exploits0References1
Prion
Prion
added 2021/02/19 4:15 p.m.18 views

Design/Logic Flaw

A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 see notification for affected versions, that could cause disclosure of user credentials when a malicious actor intercepts HTT...

5CVSS7.3AI score0.00573EPSS
Exploits0References1Affected Software4
OSV
OSV
added 2021/01/21 5:15 p.m.33 views

CVE-2020-8554

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

5CVSS9.2AI score
Exploits0References10
OSV
OSV
added 2021/01/21 5:15 p.m.8 views

AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

5CVSS6.7AI score0.09274EPSS
Exploits3References1
OSV
OSV
added 2021/01/21 5:15 p.m.14 views

AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

5CVSS6.7AI score0.09274EPSS
Exploits3References1
Prion
Prion
added 2021/01/21 5:15 p.m.26 views

Code injection

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

6CVSS4.9AI score0.09274EPSS
Exploits3References9Affected Software3
CVE
CVE
added 2021/01/21 5:9 p.m.335 views

CVE-2020-8554

CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...

6.3CVSS5.7AI score0.09274EPSS
Exploits3References10Affected Software1
Debian CVE
Debian CVE
added 2021/01/21 5:9 p.m.47 views

CVE-2020-8554

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

6.3CVSS5.8AI score0.09274EPSS
Exploits3
GitLab Advisory Database
GitLab Advisory Database
added 2021/01/21 12:0 a.m.27 views

Incorrect Authorization

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

6.3CVSS4.9AI score0.09274EPSS
Exploits3References1
GitLab Advisory Database
GitLab Advisory Database
added 2021/01/21 12:0 a.m.44 views

Incorrect Authorization

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...

6.3CVSS4.9AI score0.09274EPSS
Exploits3References1
RedHat Linux
RedHat Linux
added 2021/01/20 4:54 p.m.6 views

kubernetes: MITM using LoadBalancer or ExternalIPs

A flaw was found in kubernetes. If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster...

6.3CVSS7.1AI score0.09274EPSS
Exploits3References6
OSV
OSV
added 2020/11/06 5:15 p.m.3 views

CVE-2020-8577

SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session...

5.9CVSS6.2AI score0.01014EPSS
Exploits0References1
Gitee
Gitee
added 2020/10/28 9:44 p.m.5 views

bettercap-proxy-modules

This is a collection of HTTP proxy modules for the BetterCap framework, a tool for performing network attacks and penetration testing. The modules are designed to be used with the BetterCap proxy server, which can be configured to intercept and modify HTTP traffic between a client and a server. T...

7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/09/17 8:25 a.m.28 views

Speed 2 – The Poseidon Adventure – Part Two

This post is a companion to the DEF CON 28 video available here Part One is available here Issue 3: Time and Tide Wait for No VLAN As mentioned the cabin switch appeared to be the key to all our access requirements. From that we could get to the trunk network, and all those TV, VOIP, and Wi-Fi...

7.8AI score
Exploits0
Apple
Apple
added 2020/07/27 8:18 a.m.57 views

About the security content of iOS 12.2 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

9.8CVSS0.7AI score0.18108EPSS
Exploits10Affected Software1
Veracode
Veracode
added 2020/07/22 3:25 a.m.13 views

Information Disclosure

github.com/pritunl/pritunl-client-electron is vulnerable to information disclosure. The client does not verify signature using HMAC SHA-512, allowing a man-in-the-middle attacker to intercept amd modify all the traffic through an attacker's VPN to reveal the confidential information...

7.5CVSS6.5AI score0.00698EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/07/17 7:15 p.m.15 views

CVE-2020-15813

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...

8.1CVSS0.00779EPSS
Exploits0References1
Veracode
Veracode
added 2020/07/15 7:25 a.m.32 views

Man-in-the-Middle (MitM)

dogtag-pki is vulnerable to man-in-the-middle attack. The certificate validation is disabled by default and is not configurable, allowing an attacker to perform a man-in-the-middle attack to intercept and modify network traffic...

6.8CVSS4.1AI score0.01009EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder