6 matches found
Linux Distros Unpatched Vulnerability : CVE-2009-3584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by...
WAVLINK WN531G3 安全漏洞
The WAVLINK WN531G3 is a wireless router from China-based RuiYin Technology WAVLINK. A security vulnerability exists in the WAVLINK WN531G3 firmware version M31G3.V5030.200325 and earlier versions, which originates from communication over HTTP instead of HTTPS, and because the hashing mechanism...
DEBIAN-CVE-2019-11747
The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...
Downloads Resources over HTTP
Overview Affected versions of node-bsdiff-android insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and...
Downloads Resources over HTTP
Overview Affected versions of httpsync insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Allround Automations PL/SQL Developer < 11.0.6.1776 HTTP Insecure Update RCE
The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 11.0.6.1776. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker...