243 matches found
Google Go Security Vulnerability
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from a flaw in the verification module’s checksum. Malicious modules can bypass the...
Resources Downloaded over Insecure Protocol
Overview: Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the getPackageImpl process. An attacker can introduce unauthorized packages into built images by substituting download responses from a compromised mirror, HTTP repository, or poisoned CDN...
CVE-2025-35115 Agiloft insecure download of system packages
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
cpanminus Security Vulnerability
cpanminus is a script by Tatsuhiko Miyagawa, an individual developer, that is used to fetch, unpack, build, and install modules from CPAN without performing any other actions. A security vulnerability exists in cpanminus version 1.7047 and prior versions, which originates from downloading code ov...
CVE-2023-5857
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. Chromium security severity: Medium...
CVE-2023-31193
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...
M-Files Security Vulnerability
M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A security vulnerability exists in versions prior to M-Files New Web 22.11.12011.0 that stems from the download key for a file in the vault being passed in an insecure manner, which can be easily logged...
PT-2023-13204
Name of the Vulnerable Software and Affected Versions: M-Files New Web versions prior to 22.11.12011.0. Description: The download key for a file in a vault was passed in an insecure manner, making it easily loggable. This issue may potentially affect a significant number of devices worldwide, althou...
SUSE CVE-2019-11065
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...
CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
CVE-2021-46417
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580...
Franklin Fueling Systems Path Traversal Vulnerability
Franklin Fueling Systems is a fueling system in the United States. A security vulnerability exists in Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580, which stems from an insecure handling of the download function resulting in a path traversal issue. An attacker could explo...
GHSA-4CCC-JM2P-VG3P Downloads Resources over HTTP in windows-latestchromedriver
Affected versions of windows-latestchromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Downloads Resources over HTTP in windows-latestchromedriver
Affected versions of windows-latestchromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
GHSA-XQ8R-R72R-PQWM Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
GHSA-72Q2-5RXX-XFFF gfe-sass downloads Resources over HTTP
Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
gfe-sass downloads Resources over HTTP
Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-J9Q7-3RHF-4PPV windows-selenium-chromedriver downloads Resources over HTTP
Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
GHSA-H2JV-5V3F-7M7J Downloads Resources over HTTP in adamvr-geoip-lite
Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions b...