444 matches found
Man-in-the-Middle (MitM)
kenrel is vulnerable to man-in-the-middle attack. Certain ipv6 protocols are not encrypted over ipsec tunnel, allowing an attacker to intercept and modify network traffic...
CVE-2019-6203
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic...
CVE-2020-9770
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...
Man-in-the-Middle (MitM)
jwebunit is vulnerable to man-in-the-middle attacks. The package uses an insecure HTTP channel to resolve package dependencies, allowing an attacker to intercept and modify network traffic or introduce malicious code into the resolved package...
New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users
A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...
Forcepoint WebSecurity 8.5 Cross Site Scripting
Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...
CVE-2020-3118 (AKA: CDPwn)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...
CVE-2019-6665
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5...
CVE-2019-6665
On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5...
CVE-2019-6665
CVE-2019-6665 affects BIG-IP ASM (15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1), BIG-IQ 5.2.0–5.4.0 and 6.x, Enterprise Manager 3.1.1, and F5 iWorkflow 2.3.0. An attacker able to access the device communications between the BIG-IP ASM Central Policy Builder and BIG-IQ/Enterprise M...
Unspecified Vulnerability in Cobham plc EXPLORER 710
The Cobham plc EXPLORER 710 is a portable satellite terminal from Cobham plc, UK. It provides features such as satellite communications and Internet access. A security vulnerability exists in the Cobham plc EXPLORER 710 using firmware version 1.07, which originates from the program not validating...
qpid-proton: TLS Man in the Middle Vulnerability
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
The vulnerability of the Agent Handler component of the console for managing McAfee ePolicy Orchestrator integrated enterprise security solutions allows a perpetrator to disclose protected information.
The vulnerability of the Agent Handler component of the McAfee ePolicy Orchestrator console for managing enterprise security integrated solutions is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...
qpid-proton: TLS Man in the Middle Vulnerability
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
CVE-2018-4069
CVE-2018-4069 is an information-disclosure vulnerability in Sierra Wireless AirLink ES450 ACEManager authentication. The flaw stems from sending authentication data in plaintext XML over HTTP to the web server, enabling an attacker who can sniff network traffic upstream to access credentials. Pub...
About the security content of iOS 12.2
About the security content of iOS 12.2 This document describes the security content of iOS 12.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
Command Execution Vulnerability in China Telecom's Smart Gateway Management Platform
China Telecom Group Corporation is a large state-owned communications enterprise in China, a global partner of Shanghai World Expo, and one of the "World's Top 500 Enterprises" for many years in a row. It mainly operates integrated information services such as fixed-line telephony, mobile...
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...
Design/Logic Flaw
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...