
133 matches found

OSV
added 2019/02/18 11:40 p.m. | 16 views

GHSA-2R5H-GH4X-8HP9 Resources Downloaded over Insecure Protocol in igniteui

Affected versions of igniteui download JavaScript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or received over an unencrypted HTTP connection. Recommendation: The igniteui package has been...

7.4 CVSS | 7.3 AI score | 0.00534 EPSS
Exploits: 0 | References: 3

Prion
added 2018/12/03 10:29 p.m. | 16 views

Design/Logic Flaw

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

7.5 CVSS | 9.3 AI score | 0.01273 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2018/07/31 12:0 a.m. | 1 views

Samsung SmartThings Hub hubCore Information Disclosure Vulnerability

Samsung SmartThings Hub is a smart home management device from Samsung South Korea. A security vulnerability exists in the crash handler of the hubCore binary in Samsung SmartThings Hub, which originates from a program that sends logged minidumps to the backtrace.io service over an insecure HTTPS...

6.8 CVSS | 6.2 AI score | 0.01138 EPSS
Exploits: 2 | References: 1

OSV
added 2018/06/04 4:29 p.m. | 1 views

CVE-2016-10667

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on th...

8.1 CVSS | 6.3 AI score | 0.01752 EPSS
Exploits: 0 | References: 1

OSV
added 2018/05/31 8:29 p.m. | 2 views

CVE-2016-10552

igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol...

7.4 CVSS | 5.8 AI score | 0.00534 EPSS
Exploits: 0 | References: 1

NVD
added 2018/05/31 8:29 p.m. | 15 views

CVE-2016-10552

igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol...

7.4 CVSS | 7.5 AI score | 0.00534 EPSS
Exploits: 0 | References: 1

CVE
added 2018/05/31 8:0 p.m. | 55 views

CVE-2016-10552

CVE-2016-10552 affects the Ignite UI package: versions 0.0.5 and earlier download JavaScript and CSS resources over an insecure HTTP connection. The core issue is unencrypted resource loading, enabling an attacker with network access to intercept or modify content. The linked advisories corrobora...

7.4 CVSS | 7.4 AI score | 0.00534 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2018/03/12 12:0 a.m. | 1 views

Xunlei Download Software Upgrade Process Has Arbitrary File Download Vulnerability

Thunderbolt download is free download software based on multi-resource hyperthreading. An arbitrary file download vulnerability exists in the Xunlei download software upgrade process: because it uses the insecure HTTP protocol to communicate with the server, an attacker can take advantag...

7.1 AI score
Exploits: 0

Hacker One
added 2018/03/08 7:38 p.m. | 441 views

JamieWeb: Insecure Transportation Security Protocol Supported (TLS 1.0) on https://www.jamieweb.net

Summary: https://www.jamieweb.net still supports the TLS 1.0 protocol, which has several flaws. Vulnerability: With an SSL security scanner I was able to identify that an insecure transportation security protocol, TLS 1.0, is still supported by your web server. TLS 1.0 has several flaws. An attacker can...

0.5 AI score
Exploits: 0

NVD
added 2017/10/11 3:29 a.m. | 16 views

CVE-2017-15236

Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config files and extendword.txt...

7.5 CVSS | 7.4 AI score | 0.03609 EPSS
Exploits: 3 | References: 1

Veracode
added 2017/07/06 5:32 a.m. | 14 views

Man-in-the-Middle (MitM)

ikst is vulnerable to resources downloaded through insecure protocol. The library downloads resources through HTTP, allowing a man-in-the-middle attack to tamper with the content in transit...

5.9 CVSS | 5.5 AI score | 0.00655 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2017/07/06 5:14 a.m. | 16 views

Resources Downloaded Through Insecure Protocol

gfe-sass downloads resources through an insecure protocol. The library downloads resources through HTTP, allowing a man-in-the-middle attack to tamper with the content in transit...

9.3 CVSS | 7.7 AI score | 0.01682 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/07/02 5:29 p.m. | 1 views

CVE-2017-8894

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code on the machine...

8.1 CVSS | 5.9 AI score | 0.0158 EPSS
Exploits: 1 | References: 1

Prion
added 2017/07/02 5:29 p.m. | 10 views

Design/Logic Flaw

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code on the machine...

6.8 CVSS | 8.1 AI score | 0.0158 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2017/07/02 5:0 p.m. | 14 views

CVE-2017-8894

AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code on the machine...

8.2 AI score | 0.0158 EPSS
Exploits: 1 | References: 1

Veracode
added 2017/06/29 5:42 a.m. | 8 views

Man-in-the-Middle (MitM) Through Insecure Binary Downloads

edp-package is vulnerable to man-in-the-middle (MitM) attacks. It uses an insecure protocol to download resources. This allows attackers to trigger MitM and other possible attacks such as remote code execution (RCE) on the server...

7.6 AI score
Exploits: 0

Veracode
added 2017/06/08 6:39 a.m. | 6 views

Man-in-the-Middle (MitM)

craft-ai-icons is vulnerable to man-in-the-middle (MitM) attacks. It uses an insecure protocol to download resources. Not having a secure connection allows attackers to trigger MitM and other possible attacks such as remote code execution (RCE) on the server...

7.6 AI score
Exploits: 0

Veracode
added 2017/06/08 3:13 a.m. | 7 views

Man In The Middle (MitM)

rocketmake-nuget is vulnerable to man-in-the-middle (MitM) attacks. These attacks are possible because it downloads resources over an insecure protocol...

6.6 AI score
Exploits: 0

Veracode
added 2017/05/02 10:36 a.m. | 11 views

Resources Downloaded Via Insecure Protocol

ec2-prices is vulnerable to man-in-the-middle attacks. It downloads resources over an unencrypted HTTP connection, allowing a man-in-the-middle attack to tamper with the content in transit...

6.5 AI score
Exploits: 0

Veracode
added 2017/04/25 2:39 a.m. | 6 views

Man-in-the-Middle (MitM)

nodux-core is susceptible to man-in-the-middle (MitM) attacks. It uses an insecure protocol to download resources. Not having a secure connection allows attackers to trigger MitM and other possible attacks such as remote code execution (RCE) on the server...

7.6 AI score
Exploits: 0