Lucene search
K

180 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 6:7 p.m.10 views

CVE-2019-12728

Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP...

8.1CVSS6.7AI score0.0083EPSS
Exploits1References1
OSV
OSV
added 2024/10/28 12:15 a.m.20 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

6.4AI score
Exploits0References5
NVD
NVD
added 2024/10/28 12:15 a.m.17 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

5.9CVSS0.0025EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/27 12:0 a.m.5 views

PT-2024-34364

Name of the Vulnerable Software and Affected Versions: KDE Kmail versions prior to 6.2.0 Description: The issue allows man-in-the-middle attackers to trigger the use of an attacker-controlled mail server. This is because cleartext HTTP is used for retrieving configuration from URLs such as...

5.9CVSS6.5AI score0.0025EPSS
Exploits0References23
Vulnrichment
Vulnrichment
added 2024/10/27 12:0 a.m.8 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

6.7AI score0.0025EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/10/27 12:0 a.m.10 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

5.9CVSS5.8AI score0.0025EPSS
Exploits0
CVE
CVE
added 2024/10/27 12:0 a.m.82 views

CVE-2024-50624

CVE-2024-50624 affects KDE PIM’s KMail, specifically the Account Wizard, where configuration retrieval uses cleartext HTTP instead of HTTPS for autoconfig servers (e.g., http://autoconfig.example.com or http://example.com/.well-known/autoconfig). Connected advisories confirm this issue in KMail A...

5.9CVSS6.8AI score0.0025EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/27 12:0 a.m.14 views

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session...

6.9AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/27 12:0 a.m.25 views

CVE-2024-36426

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session...

6.5AI score0.00289EPSS
Exploits0References3
NVD
NVD
added 2023/11/04 11:15 p.m.26 views

CVE-2023-46382

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions use cleartext HTTP for login...

7.5CVSS7.7AI score0.02521EPSS
Exploits2References5
NVD
NVD
added 2023/11/04 11:15 p.m.31 views

CVE-2023-46380

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...

7.5CVSS7.7AI score0.02521EPSS
Exploits2References5
Prion
Prion
added 2023/11/04 11:15 p.m.25 views

Design/Logic Flaw

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login...

5CVSS7.4AI score0.02521EPSS
Exploits2References3Affected Software3
Prion
Prion
added 2023/11/04 11:15 p.m.15 views

Design/Logic Flaw

LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP...

5CVSS7.3AI score0.02521EPSS
Exploits2References3Affected Software3
Cvelist
Cvelist
added 2023/11/04 12:0 a.m.27 views

CVE-2023-46382

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions use cleartext HTTP for login...

8AI score0.02521EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/11/04 12:0 a.m.10 views

CVE-2023-46380

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...

7AI score0.02521EPSS
Exploits2References4
CVE
CVE
added 2023/11/04 12:0 a.m.70 views

CVE-2023-46382

CVE-2023-46382 affects LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, and L-INX Configurator devices (all versions) with cleartext HTTP login. The connected ICS advisory confirms remote exploitation potential via unencrypted credentials and lists affected firmware for ...

7.5CVSS7.8AI score0.02521EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2023/11/04 12:0 a.m.56 views

CVE-2023-46380

LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions send password-change requests via cleartext HTTP...

8AI score0.02521EPSS
Exploits2References4
Prion
Prion
added 2023/04/16 12:15 a.m.19 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...

2.6CVSS5.8AI score0.00456EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/15 12:0 a.m.4 views

CVE-2019-14942

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...

5.5AI score0.00456EPSS
Exploits0References3
OSV
OSV
added 2022/12/23 3:15 p.m.5 views

AZL-12930 CVE-2022-43551 affecting package cmake for versions less than 3.21.4-3

A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...

7.5CVSS6.7AI score0.1654EPSS
Exploits1References1
Rows per page
Query Builder