255 matches found
CVE-2020-5876
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...
Race condition
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...
CVE-2020-5876
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address...
CVE-2020-5876
The CVE-2020-5876 issue affects BIG-IP mcpd and related components due to a race condition that can cause unencrypted config sync attempts when changing peer ConfigSync IPs, adding peers, or TMM startup. Vulnerable versions include BIG-IP 15.0.0–15.0.1, 14.0.0–14.1.2, 13.1.0–13.1.3, 12.1.0–12.1.5...
F5 Networks BIG-IP : BIG-IP mcpd vulnerability (K32121038)
A race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel TMM first starts up...
CVE-2019-19090
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...
CVE-2020-6198
SAP Solution Manager Diagnostics Agent, version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check...
Authentication flaw
SAP Solution Manager Diagnostics Agent, version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check...
CVE-2020-6198
SAP Solution Manager Diagnostics Agent, version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check...
Unspecified Vulnerability in Amazon Ring Video Doorbell
Amazon Ring Video Doorbell is a smart wireless home security doorbell camera that allows users to use to remotely control their doorbell. The Amazon Ring Video Doorbell suffers from a security vulnerability that stems from information shared between the application and the doorbell, including Wi-...
Code injection
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0348
CVE-2019-0348 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) for versions 4.1 and 4.2. The vulnerability involves accessing the database through an unencrypted connection, despite protection expectations that data be encrypted. The connected Red Hat, CNVD, CVE lists...
Node.js third-party modules: Yarn transfers npm credentials over unencrypted http connection
Module module name: yarn version: 1.16.0 npm page: https://www.npmjs.com/package/yarn Module Description Fast, reliable, and secure dependency management. Module Stats Replace stats below with numbers from npm’s module page: 166 703 downloads in the last day 849 928 downloads in the last week 3 7...
CVE-2019-12845
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3...
Code injection
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3...
CVE-2019-12845
CVE-2019-12845 affects JetBrains TeamCity. The generated Kotlin DSL settings allowed artifacts to be resolved over an unencrypted connection, exposing potential MITM risks. Root cause: unencrypted artifact resolution in Kotlin DSL settings. Impact: exposure of artifact resolution traffic (no deta...
CVE-2019-12845
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3...
GHSA-2HPJ-G53M-9GJ6 closure-util downloads Resources over HTTP
Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-QX9M-27WH-7FJG Downloads Resources over HTTP in jvminstall
Affected versions of jvminstall insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...