180 matches found
AZL-34616 CVE-2022-43551 affecting package cmake for versions less than 3.21.4-10
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
CVE-2022-2338 Softing Secure Integration Server Cleartext Transmission of Sensitive Information
Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default, the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may...
CVE-2022-28861
The server in Citilog 8.0 allows an attacker in a man-in-the-middle position between the server and its smart camera Axis M1125 to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server...
Incorrect Resource Transfer Between Spheres in Grails
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP...
GHSA-PMXF-4V8C-RWR7 Incorrect Resource Transfer Between Spheres in Grails
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
Design/Logic Flaw
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
CVE-2021-40846
CVE-2021-40846 affects Rhinode Trading Paints up to version 2.0.36, where TP Updater.exe checks for and requests updates over cleartext HTTP. This enables a man-in-the-middle to substitute a malicious binary for the legitimate update without SSL warnings. The connected sources corroborate the sam...
CVE-2021-40847
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled ...
CVE-2021-38142
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured is not...
Remote code execution
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured is not...
GHSA-PQ6V-X7GP-7776 Source code is downloaded over cleartext HTTP in portaudio
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
Source code is downloaded over cleartext HTTP in portaudio
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
CVE-2020-36473
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...
Command injection
UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...
CVE-2020-36473
CVE-2020-36473 affects UCWeb UC browser versions 12.12.3.1219–12.12.3.1226. The root cause is the use of plaintext HTTP, enabling man-in-the-middle attackers to discover the URLs visited by a user. All cited sources (NVD, Red Hat, CNNVD) confirm the affected product/version range and the resultin...
CVE-2021-32612
The VeryFitPro com.veryfit2hr.second application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing...
CVE-2021-32612
The CVE-2021-32612 entry concerns the VeryFitPro Android app (package com.veryfit2hr.second, version 3.2.8). The connected sources confirm that the app performs all communication with the backend API over cleartext HTTP, including login, registration, and password-change requests. Root cause stat...