97 matches found
CVE-2018-16879
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a data leak of sensitive information such as passwords as well as denial of service attacks by deleting...
PT-2019-9380 · Red Hat · Ansible Tower
Name of the Vulnerable Software and Affected Versions: Ansible Tower versions prior to 3.3.3. Description: The issue is related to the insecure configuration channel settings for messaging celery workers from RabbitMQ, which could lead to a data leak of sensitive information such as passwords and...
CVE-2018-16879
Tower does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files...
IBM Cloud Private Information Disclosure Vulnerability (CNVD-2018-26025)
IBM Cloud Private is a set of enterprise private cloud solutions from IBM USA. The product is built primarily on Kubernetes and container technology. A security vulnerability exists in IBM Cloud Private version 3.1.0, which stems from the program's failure to use a secure channel (e.g., SSL) to...
Code injection
The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection...
DEBIAN-CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
Brave Software: Download of (later executed) .NET installer over insecure channel
Summary: Execution of file NDP-KB2901954-Web.exe fetched via...
Remote code execution
rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution...
CVE-2017-7480
rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution...
CVE-2017-7480
CVE-2017-7480 affects rkhunter versions before 1.4.4. Upgrade to rkhunter >= 1.4.4 (or apply vendor-provided fixes/patches) to disable insecure behavior and ensure updates are performed securely. Exploit details and active exploitation status are not provided in the supplied documents.
Vimeo: USER PRIVACY VIOLATED (PRIVATE DATA GETTING TRANSFER OVER INSECURE CHANNEL)
Hello Team, Description: this report is about how a user's private data is getting exploded over insecure channel. While testing the iOS app of Vimeo, I am analyzing all the traffics and came to know the video which is uploaded in my account and which privacy setting is private only is getting...
CVE-2005-3402
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that...
CVE-2004-0872
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...
CVE-2004-0869
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."...