266 matches found
CVE-2019-10101
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack...
Design/Logic Flaw
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...
CVE-2018-10694
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...
openSUSE Security Update : nodejs10 (openSUSE-2019-1211)
This update for nodejs10 to version 10.1.2 fixes the following issue: Security issue fixed : - CVE-2019-5737: Fixed a potential attack vector which could lead to Denial of Service when HTTP connections are kept active bsc1127532. This update was imported from the SUSE:SLE-12:Update update projec...
GHSA-R8H9-HQ9C-2P5C High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
CVE-2019-1010260
Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and...
EulerOS 2.0 SP2 : wget (EulerOS-SA-2019-1130)
According to the version of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass...
SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0818-1)
This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : CVE-2019-5739: Fixed a potential attack vector which could lead to Denial of Service when HTTP connections are kept active bsc1127533. CVE-2019-5737: Fixed a potential attack vector which could lead ...
Security update for nodejs4 (moderate)
openSUSE Security Update: Security update for nodejs4 Announcement ID: openSUSE-SU-2019:1076-1 Rating: moderate References: 1127080 1127532 1127533 Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities is now...
SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:0636-1)
This update for nodejs10 to version 10.1.2 fixes the following issue : Security issue fixed : CVE-2019-5737: Fixed a potential attack vector which could lead to Denial of Service when HTTP connections are kept active bsc1127532. Note that Tenable Network Security has extracted the preceding...
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:0627-1)
This update for nodejs10 to version 10.15.2 fixes the following issue : Security issue fixed : CVE-2019-5737: Fixed a potential attack vector which could lead to Denial of Service when HTTP connections are kept active bsc1127532. Note that Tenable Network Security has extracted the preceding...
GHSA-856X-CP3Q-47VG Insecure Default Configuration in airbrake
Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...
GHSA-VVWP-3F54-XC39 Downloads Resources over HTTP in broccoli-closure
Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
Downloads Resources over HTTP in jvminstall
Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-9JF3-F2PG-7868 nw-with-arm downloads Resources over HTTP
Affected versions of nw-with-arm insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Downloads Resources over HTTP in cue-sdk-node
Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Downloads Resources over HTTP in webrtc-native
Affected versions of webrtc-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
dalek-browser-ie-canary downloads Resources over HTTP
Affected versions of dalek-browser-ie-canary insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...