Lucene search
K

444 matches found

Veracode
Veracode
added 2020/05/06 3:17 a.m.42 views

Man-in-the-Middle (MitM)

kenrel is vulnerable to man-in-the-middle attack. Certain ipv6 protocols are not encrypted over ipsec tunnel, allowing an attacker to intercept and modify network traffic...

7.5CVSS4.2AI score0.0124EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2020/04/17 6:15 p.m.23 views

CVE-2019-6203

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic...

9.8CVSS7.5AI score0.0419EPSS
Exploits0References3
NVD
NVD
added 2020/04/01 6:15 p.m.27 views

CVE-2020-9770

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

6.5CVSS5.8AI score0.01188EPSS
Exploits0References1
Veracode
Veracode
added 2020/02/28 4:58 a.m.7 views

Man-in-the-Middle (MitM)

jwebunit is vulnerable to man-in-the-middle attacks. The package uses an insecure HTTP channel to resolve package dependencies, allowing an attacker to intercept and modify network traffic or introduce malicious code into the resolved package...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/02/26 2:48 p.m.64 views

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2020/02/10 12:0 a.m.148 views

Forcepoint WebSecurity 8.5 Cross Site Scripting

Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...

4.3CVSS6.4AI score0.0298EPSS
Exploits4
ATTACKERKB
ATTACKERKB
added 2020/02/05 12:0 a.m.131 views

CVE-2020-3118 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

8.8CVSS9AI score0.11685EPSS
In wildExploits0References4
NVD
NVD
added 2019/11/27 10:15 p.m.29 views

CVE-2019-6665

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5...

9.4CVSS9.1AI score0.0113EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/27 9:57 p.m.27 views

CVE-2019-6665

On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5...

9.2AI score0.0113EPSS
Exploits0References1
CVE
CVE
added 2019/11/27 9:57 p.m.71 views

CVE-2019-6665

CVE-2019-6665 affects BIG-IP ASM (15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1), BIG-IQ 5.2.0–5.4.0 and 6.x, Enterprise Manager 3.1.1, and F5 iWorkflow 2.3.0. An attacker able to access the device communications between the BIG-IP ASM Central Policy Builder and BIG-IQ/Enterprise M...

9.4CVSS9.1AI score0.0113EPSS
Exploits0References1Affected Software4
CNVD
CNVD
added 2019/10/12 12:0 a.m.6 views

Unspecified Vulnerability in Cobham plc EXPLORER 710

The Cobham plc EXPLORER 710 is a portable satellite terminal from Cobham plc, UK. It provides features such as satellite communications and Internet access. A security vulnerability exists in the Cobham plc EXPLORER 710 using firmware version 1.07, which originates from the program not validating...

7.8CVSS6.7AI score0.00227EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/09/17 3:15 p.m.3 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.06201EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/08/02 12:0 a.m.5 views

The vulnerability of the Agent Handler component of the console for managing McAfee ePolicy Orchestrator integrated enterprise security solutions allows a perpetrator to disclose protected information.

The vulnerability of the Agent Handler component of the McAfee ePolicy Orchestrator console for managing enterprise security integrated solutions is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...

7.7CVSS5.5AI score0.01119EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2019/06/06 3:57 p.m.13 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

7.4CVSS5.8AI score0.06201EPSS
Exploits0References5
CVE
CVE
added 2019/05/06 5:42 p.m.63 views

CVE-2018-4069

CVE-2018-4069 is an information-disclosure vulnerability in Sierra Wireless AirLink ES450 ACEManager authentication. The flaw stems from sending authentication data in plaintext XML over HTTP to the web server, enabling an attacker who can sniff network traffic upstream to access credentials. Pub...

7.5CVSS7.2AI score0.04011EPSS
Exploits3References4Affected Software1
Apple
Apple
added 2019/03/25 12:0 a.m.40 views

About the security content of iOS 12.2

About the security content of iOS 12.2 This document describes the security content of iOS 12.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

9.8CVSS0.6AI score0.18108EPSS
Exploits10References1Affected Software1
CNVD
CNVD
added 2018/12/07 12:0 a.m.2 views

Command Execution Vulnerability in China Telecom's Smart Gateway Management Platform

China Telecom Group Corporation is a large state-owned communications enterprise in China, a global partner of Shanghai World Expo, and one of the "World's Top 500 Enterprises" for many years in a row. It mainly operates integrated information services such as fixed-line telephony, mobile...

7.1AI score
Exploits0
OSV
OSV
added 2018/12/03 10:29 p.m.3 views

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

9.8CVSS5.8AI score0.01273EPSS
Exploits1References1
Prion
Prion
added 2018/12/03 10:29 p.m.18 views

Design/Logic Flaw

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

7.5CVSS9.3AI score0.01273EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/12/03 10:29 p.m.22 views

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

9.8CVSS9.4AI score0.01273EPSS
Exploits1References1
Rows per page
Query Builder