CVE-2022-1434 The OpenSSL 3.0 RC4-MD5 ciphersuite uses AAD as the MAC key, which is trivially predictable.
used. Due to the non-deterministic nature of IBM's implementation of the RC4-MD5 cipher, an attacker could potentially exploit this issue to generate traffic
CVE-2022-0023 DNS proxy feature of PAN-OS can be exploited if the firewall is mishandled during an MITM attack.
The DNS proxy feature of PAN-OS is responsible for handling DNS requests forwarded to external DNS servers. A MITM can inject DNS records into the
CVE-2022-0759: Critical Flaw in kubeclient Puts Ruby Applications at Risk of Man-in-the-Middle Attacks
A critical vulnerability has been discovered in all versions of kubeclient up to, and not including, v4.9.3. This Ruby gem is widely used
CVE-2022-21296 Vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition product.
through an application that sends requests to these APIs. The attacker needs to be able to control or manipulate the application in some way in
CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
If you have a node-fetch app or a site that serves data from remote sources, you should consider updating your security practices so that you
Episode
00:00:00
00:00:00