8 matches found
EUVD-2021-28002
Malicious code in bioql PyPI...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
Design/Logic Flaw
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
CVE-2021-40846
CVE-2021-40846 affects Rhinode Trading Paints up to version 2.0.36, where TP Updater.exe checks for and requests updates over cleartext HTTP. This enables a man-in-the-middle to substitute a malicious binary for the legitimate update without SSL warnings. The connected sources corroborate the sam...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
Rhinode Trading Paints 安全漏洞
Rhinode Trading Paints is used by Rhinode USA to add customized car paint to iRacing. A security vulnerability exists in Rhinode Trading Paints versions prior to 2.0.36, which stems from the fact that TP Updater.exe uses plaintext HTTP to check for and request updates. As a result, an attacker...