EUVD-2023-47012
Malicious code in bioql PyPI...
CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...
DEBIAN-CVE-2025-9086
1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set, but with just a slash as the path (path="/"). Since this site is not...
Linux Distros Unpatched Vulnerability : CVE-2025-3839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to...
CVE-2023-42579
Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...
CVE-2018-17774
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...
CVE-2024-42186 HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support
BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation...
CVE-2024-42186
CVE-2024-42186 affects HCL BigFix Patch Download Plug-ins due to insecure protocol support that can lead to improper handling of SSL certificate validation. According to available sources, the CVSSv3.1 vector is LOCAL, with HIGH attack complexity and LOW privileges required, yielding a LOW base s...
HCL BigFix Patch Management Trust Management Issue Vulnerability
HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation that is used to help organizations effectively manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management...
CVE-2024-11946
iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...
PT-2024-17358 · Ixsystems · Ixsystems Truenas Core
Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE affected versions not specified Description: This issue allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. The specific flaw exists within the...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox for iOS suffers from a spoofing vulnerability caused by an error when accessing a non-secure HTTP site that uses a non-existent port. An attacker can use this vulnerability to make the...
USN-7104-1 curl vulnerability
It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure...
Resources Downloaded Over Insecure Protocol
gradio is vulnerable to Resources Downloaded over Insecure Protocol. The vulnerability is due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious code by modifying the binary without detection if they gain access to the remote URL from which the FRP...
Fedora 39 : curl (2024-6dab59bd47)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6dab59bd47 advisory. - fix Usage of disabled protocol (CVE-2024-2004) - fix HTTP/2 push headers memory-leak (CVE-2024-2398) Tenable has extracted the preceding description...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1236)
The remote host is missing an update for the Huawei EulerOS...
BIT-GOLANG-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module...
golang: cmd/go: Protocol Fallback when fetching modules
A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available...
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:1041)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1041 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang:...