CVE-2019-10103
JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101...
Code injection
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack...
Code injection
JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101...
CVE-2019-10102
CVE-2019-10102 affects JetBrains/Ktor-related tooling (Kotlin IDE template) before version 1.1.0, where artifacts were resolved over http during build, enabling potential MITM attacks. This vulnerability is addressed in the Kotlin plugin fix release 1.3.30; affected branches rely on prior Kotlin ...
CVE-2019-10101
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack...
PT-2019-11552 · Jetbrains · Kotlin +1
Name of the Vulnerable Software and Affected Versions: JetBrains IntelliJ IDEA versions prior to Kotlin plugin version 1.3.30 Description: The issue allows for a potential MITM attack due to JetBrains IntelliJ IDEA projects created using the Kotlin JS Client/JVM Server IDE Template resolving Grad...
CVE-2019-10101
CVE-2019-10101 affects JetBrains Kotlin versions before 1.3.30, where Gradle/artifact resolution used HTTP during the build, enabling an MITM attacker to intercept artifacts. The concrete detail from public sources confirms the vulnerability is tied to cleartext transmissions during artifact reso...
CVE-2017-11578
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the...
CVE-2017-11578
CVE-2017-11578 affects the Blipcare wireless blood pressure monitor. The device exposes its web management interface over plain HTTP (non-SSL), allowing an attacker on the same wireless network to conduct a MITM and sniff the user’s Wi‑Fi credentials. The impact is disclosure of credentials witho...
Grammarly: Lack of CSRF header validation at https://g-mail.grammarly.com/profile
Hello! Description I found that setting up a CORS in some places will check the protocol, but it allows using http scheme. In addition, any subdomain is considered trusted. If the origin is http://www.grammarly.com, then the server will respond: Access-Control-Allow-Origin:...
CVE-2019-4150
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510...
Command Injection
Overview All versions of wizard-syncronizer are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates it to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack...
DEBIAN-CVE-2019-12855
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
Code injection
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of thes...
CVE-2019-11770
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of thes...
CVE-2018-10698
CVE-2018-10698 affects Moxa AWK-3121 v1.14. The device enables an unencrypted TELNET service by default, allowing an attacker with MITM access to sniff traffic and connect to the TELNET daemon using default credentials if unchanged. The issue is documented with a high-severity CVSS score (3.1: 9....