133 matches found
(Pwn2Own) NETGEAR Nighthawk R7800 ready-genie-cloud Insecure Download of Critical Component Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from a fallback to a...
CVE-2018-17774
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...
CVE-2018-17768
Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...
Design/Logic Flaw
Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N...
in imsobear/node-browser
Overview: node-browser is a wrapper webdriver by Node.js. This package is vulnerable to Man in the Middle (MitM) attacks due to downloading resources over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. I...
Central Security Project: Repositories of datanucleus are fetched over insecure protocol (http instead of https)
Maven artifact: groupId: org.datanucleus, artifactId: datanucleus-maven-parent, version: 4.0.0. Vulnerability: the jar files inside repositories are fetched using insecure protocol http instead of https. This allows these artifacts to be potentially MITMed to maliciously compromise them and infect the...
GitHub Security Lab: Java (Maven): Actually fix the use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: Java (Maven): Use of insecure protocol to download/upload artifacts
This bug was reported directly to GitHub Security Lab...
CVE-2018-11421
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to...
CVE-2019-7097
Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if an SMB request is subject to a relay attack...
CVE-2019-7097
Adobe Dreamweaver is affected by CVE-2019-7097: versions 19.0 and earlier have an insecure protocol implementation that can disclose sensitive data if an SMB request is subject to a relay attack. This vulnerability is documented in Adobe’s APSB19-21 advisory and is reflected in multiple feeds (Re...
Code injection
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801
CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...
CVE-2019-3801 Java Projects using HTTP to fetch dependencies
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain Java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component...
CVE-2019-3801: Java Projects using HTTP to fetch dependencies | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: CredHub: 2.1 versions prior to 2.1.3, 1.9 versions prior to 1.9.10; cf-deployment: all versions prior to v7.9.0; UAA Release OSS: all versions prior to v64.0. Description: Cloud Foundry cf-deployment, versions prio...
Adobe Dreamweaver Information Disclosure Vulnerability (APSB19-21) - Windows
Adobe Dreamweaver is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Adobe Dreamweaver Insecure Protocol Implementation Vulnerability
Adobe Dreamweaver is software from the US company Adobe, based on the Windows platform, that supports visual HTML editing and code editing. A security vulnerability exists in Adobe Dreamweaver 19.0 and earlier versions for Windows and macOS based platforms. An attacker can exploit t...
GHSA-2R5H-GH4X-8HP9 Resources Downloaded over Insecure Protocol in igniteui
Affected versions of igniteui download JavaScript and CSS resources over an unencrypted HTTP connection. An attacker with a privileged network position can intercept and view or modify any content sent or received over an unencrypted HTTP connection. Recommendation: The igniteui package has been...