TencentOS Server 4: perl-App-cpanminus (TSSA-2025:0373)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0373 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EUVD-2019-0279

Malware in sbrugna...

EUVD-2019-0255

Malware in sbrugna...

EUVD-2020-0832

Malware in sbrugna...

EUVD-2018-0329

Malware in sbrugna...

EUVD-2018-0450

Malware in sbrugna...

EUVD-2019-0311

Malware in sbrugna...

EUVD-2019-0305

Malware in sbrugna...

EUVD-2019-0226

Malware in sbrugna...

EUVD-2019-0322

Malware in sbrugna...

EUVD-2018-0365

Malware in sbrugna...

EUVD-2019-0335

Malware in sbrugna...

EUVD-2020-1132

Malware in sbrugna...

EUVD-2019-0248

Malware in sbrugna...

CVE-2025-35115

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...

PT-2024-31572 · Unknown +6 · App::Cpanminus +6

Name of the Vulnerable Software and Affected Versions: App::cpanminus versions 1.7047 and earlier Description: The App::cpanminus package for Perl downloads code via insecure HTTP, enabling code execution for network attackers. This issue allows attackers to intercept traffic. Recommendations: Fo...

Downloads Resources over HTTP in adamvr-geoip-lite

Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions b...

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways...

DEBIAN-CVE-2019-11065

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site...

GHSA-2WRQ-WMQF-8VCC Downloads Resources over HTTP in operadriver

operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attack...