Lucene search
+L

181 matches found

Cvelist
Cvelist
added 2020/06/11 4:49 p.m.23 views

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

8.1AI score0.00392EPSS
Exploits1References2
Prion
Prion
added 2020/03/13 6:15 p.m.19 views

Authentication flaw

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP...

5CVSS9.5AI score0.00782EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/03/13 5:26 p.m.58 views

CVE-2019-13394

The CVE-2019-13394 entry affects the Voo-branded NETGEAR CG3700b custom firmware (V2.02.03). The vulnerability is that HTTP Basic Authentication is used over cleartext HTTP, causing credentials to be transmitted unencrypted. This exposes confidentiality (and potentially integrity) of credentials ...

9.8CVSS9.4AI score0.00782EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/02/10 1:15 a.m.14 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

8.1CVSS7AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/02/10 1:15 a.m.40 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

9.3CVSS7.2AI score0.0135EPSS
Exploits0References3
Prion
Prion
added 2020/02/10 1:15 a.m.16 views

Code injection

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

9.3CVSS8AI score0.0135EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/02/10 12:30 a.m.24 views

CVE-2017-18641

In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...

8.1AI score0.0135EPSS
Exploits0References1
NVD
NVD
added 2020/01/21 5:15 p.m.16 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.6CVSS7.5AI score0.01091EPSS
Exploits1References3
Prion
Prion
added 2020/01/21 5:15 p.m.17 views

Code injection

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.6CVSS7.5AI score0.01091EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/01/21 4:26 p.m.21 views

CVE-2020-7213

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallelsupdates.xml file on the http://update.parallels.com web site...

7.5AI score0.01091EPSS
Exploits1References3
NVD
NVD
added 2019/12/18 7:15 p.m.20 views

CVE-2019-19890

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

7.5CVSS7.6AI score0.00987EPSS
Exploits1References1
Prion
Prion
added 2019/12/18 7:15 p.m.14 views

Design/Logic Flaw

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

5CVSS7.6AI score0.00987EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/18 6:53 p.m.30 views

CVE-2019-19890

An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...

7.6AI score0.00987EPSS
Exploits1References1
OSV
OSV
added 2019/12/02 9:15 p.m.16 views

CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

7.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2019/12/02 9:15 p.m.10 views

Design/Logic Flaw

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

4.3CVSS7.5AI score0.00998EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/02 8:50 p.m.19 views

CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

7.6AI score0.00998EPSS
Exploits0References1
NVD
NVD
added 2019/10/02 7:15 p.m.17 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

5.9CVSS6.1AI score0.00656EPSS
Exploits0References1
Prion
Prion
added 2019/10/02 7:15 p.m.26 views

Design/Logic Flaw

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

4.3CVSS5.7AI score0.00656EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/02 6:37 p.m.22 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

6.1AI score0.00656EPSS
Exploits0References1
NVD
NVD
added 2019/10/01 2:15 p.m.22 views

CVE-2019-14954

JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection...

5.9CVSS6.1AI score0.007EPSS
Exploits0References1
Rows per page
Query Builder