180 matches found

CVE
added 2021/06/16 11:53 a.m. | 86 views

CVE-2021-32612

The CVE-2021-32612 entry concerns the VeryFitPro Android app (package com.veryfit2hr.second, version 3.2.8). The connected sources confirm that the app performs all communication with the backend API over cleartext HTTP, including login, registration, and password-change requests. Root cause stat...

CVSS 8.1 | AI score 7.9 | EPSS 0.01094
Exploits: 3 | References: 4 | Affected Software: 1
OSV
added 2021/05/10 6:15 a.m. | 2 views

CVE-2021-3003

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates...

CVSS 5.3 | AI score 5.8 | EPSS 0.00801
Exploits: 1 | References: 2
Prion
added 2021/05/10 6:15 a.m. | 12 views

Design/Logic Flaw

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates...

CVSS 4.3 | AI score 5.2 | EPSS 0.00801
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/05/07 7:31 p.m. | 3 views

CVE-2021-27574

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...

CVSS 8.1 | AI score 7.5 | EPSS 0.01078
Exploits: 1 | References: 2
NVD
added 2021/05/07 7:31 p.m. | 26 views

CVE-2021-27574

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...

CVSS 8.1 | EPSS 0.01078
Exploits: 1 | References: 2
Prion
added 2021/05/07 7:31 p.m. | 22 views

Design/Logic Flaw

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...

CVSS 6.8 | AI score 8 | EPSS 0.01078
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2021/05/07 4:32 p.m. | 38 views

CVE-2021-27574

The CVE-2021-27574 issue affects Emote Remote Mouse up to version 4.0.0.0, where the update mechanism uses cleartext HTTP to check and fetch updates. This design enables a man-in-the-middle attacker to replace a legitimate update with a malicious binary without triggering SSL errors or warnings. ...

CVSS 8.1 | AI score 8.4 | EPSS 0.01078
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/05/07 4:32 p.m. | 31 views

CVE-2021-27574

An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...

AI score 8.2 | EPSS 0.01078
Exploits: 1 | References: 2
Tenable Nessus
added 2021/05/06 12:00 a.m. | 52 views

Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4938-1 advisory. It was discovered that Unbound contained multiple security issues. A remote attacker could possibly use these issues to cause a denial of...

CVSS 9.8 | AI score 7.7 | EPSS 0.02179
Exploits: 0 | References: 14
NVD
added 2021/04/27 6:15 a.m. | 15 views

CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

CVSS 5.9 | EPSS 0.01339
Exploits: 0 | References: 3
OSV
added 2021/04/27 6:15 a.m. | 2 views

UBUNTU-CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

CVSS 5.9 | AI score 7.3 | EPSS 0.01339
Exploits: 0 | References: 4
NVD
added 2021/02/13 1:15 a.m. | 13 views

CVE-2021-27209

In the management interface on TP-Link Archer C5v 1.7181221 devices, credentials are sent in a base64 format over cleartext HTTP...

CVSS 7.1 | EPSS 0.0023
Exploits: 1 | References: 1
NVD
added 2020/12/23 4:15 p.m. | 16 views

CVE-2020-11718

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP...

CVSS 7.4 | AI score 7.5 | EPSS 0.00846
Exploits: 1 | References: 2
Prion
added 2020/12/23 4:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP...

CVSS 5.8 | AI score 7.4 | EPSS 0.00846
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/12/23 3:54 p.m. | 50 views

CVE-2020-11718

CVE-2020-11718 affects Programi Bilanc build 007 release 014 (and earlier). The issue is that software-update packages are downloaded via cleartext HTTP, exposing update delivery to eavesdropping or tampering. NVD attributes a CVSS‑2 base score of 5.8 (PARTIAL confidentiality and integrity impact...

CVSS 7.4 | AI score 7.4 | EPSS 0.00846
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/12/23 3:54 p.m. | 31 views

CVE-2020-11718

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP...

AI score 7.5 | EPSS 0.00846
Exploits: 1 | References: 2
Kitploit
added 2020/09/30 8:30 p.m. | 108 views

H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext h2c communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...

AI score 7.4
Exploits: 0 | References: 6
NVD
added 2020/06/11 5:15 p.m. | 8 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

CVSS 8.1 | EPSS 0.00392
Exploits: 1 | References: 2
Cvelist
added 2020/06/11 4:49 p.m. | 17 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

AI score 8.1 | EPSS 0.00392
Exploits: 1 | References: 2
CVE
added 2020/06/11 4:49 p.m. | 40 views

CVE-2020-11614

The CVE-2020-11614 entry concerns Mids’ Reborn Hero Designer 2.6.0.7. The vulnerability arises because the application downloads the update manifest and update files over cleartext HTTP and does not perform file integrity validation after download. This enables a man-in-the-middle attacker to rep...

CVSS 8.1 | AI score 8 | EPSS 0.00392
Exploits: 1 | References: 2 | Affected Software: 1