1344 matches found

CVE
added 2019/06/07 7:24 p.m., 170 views

CVE-2018-10694

The CVE-2018-10694 issue affects Moxa AWK-3121 (version 1.14). The root cause is an open, unencrypted Wi‑Fi setup by default, enabling an attacker on the same network to sniff traffic between a user’s computer and the device, potentially stealing credentials over HTTP and TELNET, and performing M...

8.1 CVSS | 7.9 AI score | 0.00811 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2019/06/07 3:29 p.m., 17 views

CVE-2019-8282

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows an attacker to do a man-in-the-middle (MITM) attack and replace the original language pack with a malicious one...

5.3 CVSS | 5.1 AI score | 0.00415 EPSS
Exploits: 0 | References: 1

Prion
added 2019/06/07 3:29 p.m., 12 views

Design/Logic Flaw

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows an attacker to do a man-in-the-middle (MITM) attack and replace the original language pack with a malicious one...

2.6 CVSS | 5.2 AI score | 0.00415 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/06/07 2:21 p.m., 16 views

CVE-2019-8282

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows an attacker to do a man-in-the-middle (MITM) attack and replace the original language pack with a malicious one...

5.1 AI score | 0.00415 EPSS
Exploits: 0 | References: 1

Cvelist
added 2019/05/08 2:48 p.m., 14 views

CVE-2018-5408 PrinterLogic Print Management Software fails to validate the management portal SSL certificates

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a...

7.8 AI score | 0.00749 EPSS
Exploits: 0 | References: 2

CVE
added 2019/05/08 2:48 p.m., 52 views

CVE-2018-5408

CVE-2018-5408 affects PrinterLogic Print Management Software (up to 18.3.1.96). The issue is improper validation of the management portal’s SSL certificate, enabling potential MITM spoofing of a trusted host and data origin deception. Impacts include partial confidentiality/integrity and a networ...

7.4 CVSS | 7.4 AI score | 0.00749 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2019/05/02 7:10 p.m., 47 views

D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream

D-Link has only partially patched critical flaws affecting its consumer WiFi camera, which allow hackers to intercept and view recorded video. They also allow attackers to manipulate the device’s firmware, according to security researchers. The camera in question is D-Link’s DCS-2132L cloud camer...

0.4 AI score
Exploits: 0 | References: 4

Veracode
added 2019/05/02 4:48 a.m., 24 views

Man-in-the-Middle (MitM)

RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently...

5.8 CVSS | 5.8 AI score | 0.02456 EPSS
Exploits: 0 | References: 10 | Affected Software: 3

NVD
added 2019/04/22 9:29 p.m., 26 views

CVE-2019-10248

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

8.1 CVSS | 8.1 AI score | 0.00434 EPSS
Exploits: 0 | References: 1

Prion
added 2019/04/22 9:29 p.m., 16 views

Design/Logic Flaw

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

6.8 CVSS | 8 AI score | 0.00434 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/04/22 8:15 p.m., 22 views

CVE-2019-10248

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

8.2 AI score | 0.00434 EPSS
Exploits: 0 | References: 1

CVE
added 2019/04/22 8:15 p.m., 60 views

CVE-2019-10248

CVE-2019-10248 affects Eclipse Vorto prior to 0.11. Maven build artifacts for the Xtext project were resolved over HTTP rather than HTTPS, enabling potential MITM tampering of dependency artifacts. This could allow infected build artifacts to be produced. The issue is tied to the build/download c...

8.1 CVSS | 8 AI score | 0.00434 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/04/21 4:6 p.m., 24 views

CVE-2019-11404

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts for compiling and building the published JARs over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack...

8.1 CVSS | 8.3 AI score | 0.01136 EPSS
Exploits: 1 | References: 5

OSV
added 2019/04/18 7:29 p.m., 3 views

DEBIAN-CVE-2018-20200

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale...

5.9 CVSS | 6.8 AI score | 0.02477 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2019/04/10 2:20 p.m., 34 views

CVE-2019-11065

A flaw was discovered in Gradle, where it uses an insecure HTTP URL to download dependencies. This flaw causes dependency artifacts to be maliciously compromised by a Man-in-the-middle (MITM) attack...

8.1 CVSS | 1.2 AI score | 0.01366 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2019/04/10 12:29 a.m., 32 views

CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS | 6.8 AI score | 0.01366 EPSS
Exploits: 0 | References: 3

OSV
added 2019/04/10 12:29 a.m., 1 views

UBUNTU-CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS | 6.8 AI score | 0.01366 EPSS
Exploits: 0 | References: 4

OSV
added 2019/04/10 12:29 a.m., 26 views

CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

5.9 CVSS | 6.7 AI score
Exploits: 0 | References: 4

CVE
added 2019/04/09 11:37 p.m., 88 views

CVE-2019-11065

CVE-2019-11065 affects Gradle versions 1.4–5.3.1, where the Gradle plugins for JavaScript or CoffeeScript used an insecure HTTP URL to fetch dependencies from ajax.googleapis.com. This path could allow MITM tampering of dependency artifacts. The provided connected documents confirm the vulnerabil...

5.9 CVSS | 5.5 AI score | 0.01366 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2019/04/09 6:29 p.m., 25 views

CVE-2017-17023

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04, is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows...

9.3 CVSS | 8.1 AI score | 0.00611 EPSS
Exploits: 0 | References: 2