
20 matches found

Packet Storm News
added 2026/06/09 12:0 a.m. | 4 views

Certification of Network Quantum Sensing

The distribution of quantum sensors on quantum networks is a key enabler of quantum technologies in interferometry, gravimetry, timekeeping, biological monitoring, and beyond. Yet, guaranteeing the security of these distributed sensors over noisy, insecure networks remains a formidable challenge...

AI score: 5.7
Exploits: 0
ATTACKERKB
added 2026/05/14 4:6 p.m. | 3 views

CVE-2025-62311

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0008
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/05/14 12:0 a.m. | 5 views

HCL AION Security Vulnerability

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability; this vulnerability stems from the possibility of sensitive information being transmitted through insecure HTTP channels during backend services, which could lead to the...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0008
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/10 8:3 p.m. | 5 views

CVE-2026-45180

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured, for example by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...

AI score: 5.8 | EPSS: 0.00244
Exploits: 0 | References: 5
Packet Storm News
added 2025/05/21 12:0 a.m. | 3 views

Extensible Post Quantum Cryptography Based Authentication

Cryptography underpins the security of modern digital infrastructure, from cloud services to health data. However, many widely deployed systems will become vulnerable after the advent of scalable quantum computing. Although quantum-safe cryptographic primitives have been developed, such as...

AI score: 7.1
Exploits: 0
RedHat Linux
added 2023/11/07 8:49 a.m. | 0 views

tomcat: not including the secure attribute causes information disclosure

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.01831
Exploits: 0 | References: 6
Hacker One
added 2022/12/21 12:48 p.m. | 57 views

curl: CVE-2023-23915: HSTS amnesia with --parallel

HSTS cache entries were overwritten by curl when requests were made in parallel, resulting in only one site being protected by TLS and the others being vulnerable to loss of confidentiality and integrity...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00861
Exploits: 0
Hacker One
added 2022/12/21 9:59 a.m. | 76 views

curl: CVE-2023-23914: curl HSTS ignored on multiple requests

A vulnerability was found in curl tool's HSTS feature, where it failed to work correctly when multiple requests were made within a single invocation, resulting in requests being performed over insecure channels, potentially leading to loss of confidentiality and integrity...

CVSS: 9.1 | AI score: 7.7 | EPSS: 0.00858
Exploits: 1
CNNVD
added 2022/01/06 12:0 a.m. | 3 views

Kalkitech Sync Products Encryption Issue Vulnerability

Kalkitech Sync Products is a range of substation gateways from Kalkitech India. Kalkitech Sync Products suffers from an encryption issue vulnerability that stems from the use of an insecure communication channel by the management tools Easyconnect and SYNC devices, which can be exploited by an...

CVSS: 8.1 | AI score: 5.6 | EPSS: 0.00916
Exploits: 0 | References: 3
OSV
added 2019/11/26 4:15 a.m. | 2 views

DEBIAN-CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY (equivalent to a username) to obtain the EC2SECRETKEY (equivalent to a password). Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.01446
Exploits: 1 | References: 1
OSV
added 2019/07/03 7:15 p.m. | 2 views

CVE-2019-6640

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv...

CVSS: 5.3 | AI score: 6.1
Exploits: 0 | References: 3
Tenable Nessus
added 2019/05/01 12:0 a.m. | 25 views

F5 Networks BIG-IP : SNMP vulnerability (K27400151)

SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. (CVE-2019-6613) Impact: An attacker with direct SNMP access to a BIG-IP system or an attacker with a privilege...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00838
Exploits: 0 | References: 2
OSV
added 2018/07/03 1:29 p.m. | 3 views

CVE-2018-11746

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.01381
Exploits: 0 | References: 2
Prion
added 2018/07/03 1:29 p.m. | 15 views

Design/Logic Flaw

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

CVSS: 5 | AI score: 9.3 | EPSS: 0.01381
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/07/03 1:0 p.m. | 44 views

CVE-2018-11746

CVE-2018-11746 affects Puppet Discovery prior to 1.2.0. When running against Windows, WinRM connections can fall back to basic auth over insecure channels if a HTTPS server is unavailable, exposing login credentials used by Puppet Discovery. The issue is specific to that context; upgrading to ver...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.01381
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2018/07/03 1:0 p.m. | 18 views

CVE-2018-11746 Puppet Discovery can leak authentication information

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...

CVSS: 8.6 | AI score: 9.4 | EPSS: 0.01381
Exploits: 0 | References: 2
Tenable Nessus
added 2018/05/29 12:0 a.m. | 27 views

GLSA-201805-11 : Rootkit Hunter: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201805-11 (Rootkit Hunter: User-assisted execution of arbitrary code). A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels (HTTP). Furthermore, the mirror update is then...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.02344
Exploits: 0 | References: 2
Gentoo Linux
added 2018/05/26 12:0 a.m. | 433 views

Rootkit Hunter: User-assisted execution of arbitrary code

Background: Scans for known and unknown rootkits, backdoors, and sniffers. Description: A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels (HTTP). Furthermore, the mirror update is then executed in Bash. Impact: A remote attacker, by...

CVSS: 9.8 | AI score: 2.5 | EPSS: 0.02344
Exploits: 0
OSV
added 2017/01/25 12:0 a.m. | 1 views

UBUNTU-CVE-2017-5390

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.03858
Exploits: 0 | References: 6
0day.today
added 2015/09/22 12:0 a.m. | 51 views

nevisAuth Authentication Bypass Vulnerability

nevisAuth versions since 4.13.0.0 (2012-11-21) and prior to 4.18.3.1 (2015-07-02) suffer from an authentication bypass vulnerability. Product: nevisAuth [1]; Vendor: AdNovum [2]; CVD ID: CVE-2015-5372; Subject: Authentication Bypass; Risk: Critical; Effect: Remotely exploitable; Authors: Antoine Neuenschwander...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00871
Exploits: 1