Lucene search
K

180 matches found

Prion
Prion
added 2020/03/13 6:15 p.m.18 views

Authentication flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

5CVSS9.5AI score0.00782EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/03/13 5:26 p.m.57 views

CVE-2019-13394

The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...

9.8CVSS9.4AI score0.00782EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/02/10 1:15 a.m.14 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

8.1CVSS7AI score
Exploits0References1
Prion
Prion
added 2020/02/10 1:15 a.m.14 views

Code injection

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

9.3CVSS8AI score0.0135EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/02/10 1:15 a.m.39 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

9.3CVSS7.2AI score0.0135EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/10 12:30 a.m.23 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

8.1AI score0.0135EPSS
Exploits0References1
NVD
NVD
added 2020/01/21 5:15 p.m.16 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.6CVSS7.5AI score0.01091EPSS
Exploits1References3
Prion
Prion
added 2020/01/21 5:15 p.m.16 views

Code injection

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.6CVSS7.5AI score0.01091EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/01/21 4:26 p.m.19 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.5AI score0.01091EPSS
Exploits1References3
NVD
NVD
added 2019/12/18 7:15 p.m.19 views

CVE-2019-19890

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

7.5CVSS7.6AI score0.00987EPSS
Exploits1References1
Prion
Prion
added 2019/12/18 7:15 p.m.13 views

Design/Logic Flaw

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

5CVSS7.6AI score0.00987EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/18 6:53 p.m.27 views

CVE-2019-19890

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

7.6AI score0.00987EPSS
Exploits1References1
OSV
OSV
added 2019/12/02 9:15 p.m.15 views

CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

7.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2019/12/02 9:15 p.m.9 views

Design/Logic Flaw

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

4.3CVSS7.5AI score0.00998EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/02 8:50 p.m.17 views

CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

7.6AI score0.00998EPSS
Exploits0References1
NVD
NVD
added 2019/10/02 7:15 p.m.16 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

5.9CVSS6.1AI score0.00656EPSS
Exploits0References1
Prion
Prion
added 2019/10/02 7:15 p.m.25 views

Design/Logic Flaw

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

4.3CVSS5.7AI score0.00656EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/02 6:37 p.m.19 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

6.1AI score0.00656EPSS
Exploits0References1
NVD
NVD
added 2019/10/01 2:15 p.m.22 views

CVE-2019-14954

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection...

5.9CVSS6.1AI score0.007EPSS
Exploits0References1
NVD
NVD
added 2019/09/16 5:15 p.m.54 views

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

6.5CVSS6.5AI score0.02035EPSS
Exploits5References4
Rows per page
Query Builder