Lucene search
+L

180 matches found

cve
cve
added 2018/02/09 3:0 p.m.47 views

CVE-2018-6826

VULNERABILITY: VOBOT CLOCK devices before version 0.99.30 are affected by a remote code execution issue. The root cause is use of plaintext HTTP to download a breakout program, enabling a man-in-the-middle to observe a local user launching the Breakout Easter Egg feature and then send a crafted H...

7.6CVSS7.6AI score0.03137EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2018/02/07 11:29 p.m.28 views

CVE-2017-15397

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

7.4CVSS7AI score0.00428EPSS
Exploits0References4
prion
prion
added 2018/02/07 11:29 p.m.16 views

Design/Logic Flaw

Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position...

5.8CVSS7.3AI score0.00428EPSS
Exploits0References4Affected Software1
cve
cve
added 2018/02/07 11:0 p.m.71 views

CVE-2017-15397

CVE-2017-15397 describes an issue in Google Chrome OS where the ChromeVox component allowed a remote attacker, positioned on the network, to observe or tamper with plaintext HTTP requests. Root cause is an inappropriate implementation within ChromeVox that mishandled plaintext network traffic. Th...

7.4CVSS7.3AI score0.00428EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2017/10/23 1:0 a.m.31 views

CVE-2017-7147

An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe...

4.2AI score0.00918EPSS
Exploits1References3
cve
cve
added 2017/10/19 10:0 p.m.65 views

CVE-2017-15643

The CVE-2017-15643 entry concerns IKARUS Anti Virus for Windows 2.16.7. Multiple connected documents confirm an active attacker can achieve remote code execution via a MITM-capable update pathway: IKARUS AV uses cleartext HTTP for updates; an attacker can coerce the client into an update, then re...

7.6CVSS7.7AI score0.06137EPSS
Exploits4References2Affected Software1
osv
osv
added 2017/04/02 1:59 a.m.4 views

CVE-2017-2412

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...

5.9CVSS7.3AI score0.00803EPSS
Exploits0References3
nvd
nvd
added 2017/04/02 1:59 a.m.16 views

CVE-2017-2412

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...

5.9CVSS4.5AI score0.00803EPSS
Exploits0References3
prion
prion
added 2017/04/02 1:59 a.m.14 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...

4.3CVSS4.6AI score0.00803EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2017/04/02 1:36 a.m.22 views

CVE-2017-2412

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP...

5.3AI score0.00803EPSS
Exploits0References3
nvd
nvd
added 2017/02/21 7:59 p.m.10 views

CVE-2015-4057

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...

7.5CVSS7.6AI score0.01496EPSS
Exploits0References1
prion
prion
added 2017/02/21 7:59 p.m.13 views

Design/Logic Flaw

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...

5CVSS7.3AI score0.01496EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2017/02/21 7:0 p.m.20 views

CVE-2015-4057

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network...

7.6AI score0.01496EPSS
Exploits0References1
cve
cve
added 2017/02/21 7:0 p.m.60 views

CVE-2015-4057

CVE-2015-4057 affects VCE Vision Intelligent Operations prior to 2.6.5. The Plug-in for VMware vCenter exposes the admin password by returning a cleartext HTTP response when the Settings screen is requested, enabling network sniffing attacks to reveal credentials. The underlying issue is cleartex...

7.5CVSS7.6AI score0.01496EPSS
Exploits0References1Affected Software1
cve
cve
added 2011/07/08 5:0 p.m.59 views

CVE-2011-2344

The CVE concerns Android Picasa in Android 3.0 and 2.x through 2.3.4, where authToken is transmitted over cleartext HTTP from ClientLogin. This allowed remote attackers to sniff tokens from connections to picasaweb.google.com, enabling privilege escalation to access private pictures and web album...

10CVSS7.1AI score0.01145EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2011/06/24 8:55 p.m.25 views

CVE-2011-0207

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...

5CVSS5.5AI score0.01877EPSS
Exploits1References3
prion
prion
added 2011/06/24 8:55 p.m.24 views

Design/Logic Flaw

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...

5CVSS6AI score0.01877EPSS
Exploits1References3Affected Software2
cve
cve
added 2011/06/24 8:0 p.m.59 views

CVE-2011-0207

CVE-2011-0207 affects Apple Mac OS X prior to 10.6.8, specifically the MobileMe component used by Mail. The root cause is the use of a cleartext HTTP session to read e‑mail aliases, allowing an attacker on the same network to sniff traffic and obtain potentially sensitive alias information. Accor...

5CVSS4.7AI score0.01877EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2011/06/24 8:0 p.m.30 views

CVE-2011-0207

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network...

4.9AI score0.01877EPSS
Exploits1References3
cve
cve
added 2010/11/05 4:28 p.m.62 views

CVE-2010-4184

CVE-2010-4184 affects NetSupport Manager (NSM) prior to version 11.00.0005. The vulnerability arises from NSM sending HTTP headers with cleartext fields that reveal details about client machines, enabling an attacker who can sniff network traffic to obtain potentially sensitive information (e.g.,...

5CVSS6.4AI score0.02533EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder