113 matches found

OSV
added 2020/02/25 7:15 p.m., 1 view

CVE-2020-8809

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...

CVSS 8.1 | AI score 7.6
Exploits 0 | References 2

Prion
added 2020/02/25 7:15 p.m., 14 views

Code injection

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...

CVSS 6.8 | AI score 8.3 | EPSS 0.00678
Exploits 2 | References 2 | Affected Software 1

NVD
added 2020/01/06 8:15 p.m., 6 views

CVE-2019-16274

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

CVSS 7.5 | AI score 7.6 | EPSS 0.00183
Exploits 0 | References 1

Prion
added 2020/01/06 8:15 p.m., 12 views

Design/Logic Flaw

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

CVSS 5 | AI score 7.6 | EPSS 0.00183
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2020/01/06 7:52 p.m., 15 views

CVE-2019-16274

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

AI score 7.7 | EPSS 0.00183
Exploits 0 | References 1

CVE
added 2020/01/06 7:52 p.m., 84 views

CVE-2019-16274

DTEN DT5/D7 devices (before firmware 1.3) expose customer data by transferring files over unencrypted HTTP. Concrete details across multiple sources confirm the affected products and version bounds, with the underlying issue described as unencrypted HTTP data transfer that can lead to exposure of...

CVSS 7.5 | AI score 7.6 | EPSS 0.00183
Exploits 0 | References 1 | Affected Software 1

Prion
added 2019/07/19 6:15 p.m., 18 views

Design/Logic Flaw

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

CVSS 4.3 | AI score 4.9 | EPSS 0.00166
Exploits 0 | References 1 | Affected Software 1

Veracode
added 2019/04/23 6:44 a.m., 19 views

Man-in-the-Middle (MitM)

openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...

CVSS 8.1 | AI score 7 | EPSS 0.00189
Exploits 1 | References 3 | Affected Software 1

Github Security Blog
added 2019/02/18 11:58 p.m., 23 views

Insecure Default Configuration in airbrake

Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...

CVSS 5.9 | AI score 4.1 | EPSS 0.003
Exploits 0 | References 4 | Affected Software 1

OSV
added 2019/02/18 11:58 p.m., 13 views

GHSA-856X-CP3Q-47VG Insecure Default Configuration in airbrake

Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...

CVSS 5.9 | AI score 5.5 | EPSS 0.003
Exploits 0 | References 4

OSV
added 2019/02/18 11:57 p.m., 10 views

GHSA-VVWP-3F54-XC39 Downloads Resources over HTTP in broccoli-closure

Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

CVSS 9.3 | AI score 8.2 | EPSS 0.00735
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:52 p.m., 26 views

Downloads Resources over HTTP in bkjs-wand

Affected versions of bkjs-wand insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

CVSS 9.3 | AI score 5.7 | EPSS 0.00735
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:47 p.m., 10 views

GHSA-J3CR-J9JX-MF4P Downloads Resources over HTTP in redis-srvr

Affected versions of redis-srvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 9.3 | AI score 8.1 | EPSS 0.00735
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:45 p.m., 15 views

Downloads Resources over HTTP in native-opencv

Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 9.3 | AI score 6 | EPSS 0.00735
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:44 p.m., 10 views

GHSA-G84J-95X2-7G67 Downloads Resources over HTTP in tomita

Affected versions of tomita insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

CVSS 9.3 | AI score 8.1 | EPSS 0.00735
Exploits 0 | References 3

OSV
added 2019/02/18 11:44 p.m., 16 views

GHSA-WX3Q-6X7X-JJW4 mystem downloads Resources over HTTP

Affected versions of mystem insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

CVSS 8.1 | AI score 8.1 | EPSS 0.00735
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:35 p.m., 35 views

Downloads Resources over HTTP in product-monitor

Affected versions of product-monitor insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00735
Exploits 0 | References 3 | Affected Software 1

OSV
added 2019/02/18 11:35 p.m., 12 views

GHSA-6PWF-WHC8-HJF6 Downloads Resources over HTTP in baryton-saxophone

Affected versions of baryton-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

CVSS 9.3 | AI score 8.1 | EPSS 0.00735
Exploits 0 | References 3

Github Security Blog
added 2019/02/18 11:33 p.m., 32 views

Downloads Resources over HTTP in webdrvr

Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

CVSS 9.3 | AI score 6.1 | EPSS 0.00518
Exploits 0 | References 3 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 7:47 p.m., 19 views

Security Bulletin: IBM Tealeaf Customer Experience internal connections not encrypted (CVE-2015-4961)

Summary: Internal connections between IBM Tealeaf Customer Experience servers use unencrypted HTTP. Vulnerability Details: CVEID: CVE-2015-4961. DESCRIPTION: In an IBM Tealeaf environment with multiple servers, connections to the Tealeaf Data Service, Search Service, Replay Service, and Tracking...

CVSS 2.9 | AI score 0.5 | EPSS 0.00096
Exploits 0 | Affected Software 1