Lucene search
K

142 matches found

NVD
NVD
added 2017/10/23 6:29 p.m.14 views

CVE-2011-2683

reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack...

5.9CVSS5.6AI score0.01332EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/10/17 12:0 a.m.26 views

SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Insecure HTTP Update Download MitM Code Execution

According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 4. It is, therefore, affected by a vulnerability in the software update process. Software updates are packaged and delivered insecurely, leading to roo...

8.8CVSS7.3AI score0.02878EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2017/10/05 12:0 a.m.47 views

Apache OpenMeetings < 3.3.0 Multiple Vulnerabilities

Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:openmeetings";...

9.8CVSS6.6AI score0.0297EPSS
Exploits0References4
NVD
NVD
added 2017/07/17 1:18 p.m.14 views

CVE-2017-7685

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

5.3CVSS5.3AI score0.0286EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/07/14 3:0 p.m.19 views

CVE-2017-7685

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...

5.7AI score0.0286EPSS
Exploits0References2
NVD
NVD
added 2017/07/02 5:29 p.m.9 views

CVE-2017-8894

AeroAdmin 4.1 uses an insecure protocol HTTP to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine...

8.1CVSS8.2AI score0.0158EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/06/21 8:0 p.m.19 views

CVE-2017-3219

Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash...

8.7AI score0.00474EPSS
Exploits0References2
NVD
NVD
added 2017/06/04 9:29 p.m.15 views

CVE-2016-8230

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers...

7.5CVSS7.5AI score0.0109EPSS
Exploits0References1
NVD
NVD
added 2017/04/02 8:59 p.m.14 views

CVE-2016-8273

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

7.8CVSS7.7AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2017/04/02 8:59 p.m.2 views

CVE-2016-8273

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

7.8CVSS5.8AI score0.0021EPSS
Exploits0References1
Prion
Prion
added 2017/04/02 8:59 p.m.18 views

Hardcoded credentials

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

6.9CVSS7.1AI score0.0021EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/03/30 7:59 a.m.13 views

Design/Logic Flaw

The 1 update and 2 package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism...

6.8CVSS8.1AI score0.02075EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2017/02/22 7:44 a.m.24 views

Man In The Middle (MitM)

windows-build-tools is vulnerable to man-in-the-middle MitM attacks due to downloading installer packages over insecure http protocol. It may cause remote code execution RCE by swapping out the requested package with an attacker controlled package if the attacker is on the network or positioned i...

9.3CVSS8.3AI score0.0228EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/01/17 8:40 a.m.10 views

Man-in-the-Middle (MitM)

pry-rescue is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the use of the deprecated :rubygems option in the Gemfile, causing insecure HTTP requests to be made. A malicious user can potentially compromise the download to conduct MitM attacks...

6.5AI score
Exploits0
Veracode
Veracode
added 2016/12/21 7:43 a.m.6 views

Man-in-the-Middle (MitM)

maildir is vulnerable to man-in-the-middle MitM attacks. The rubygems source uses insecure http, meaning a malicious user can potentially compromise the source to conduct a Man-in-the-Middle attack...

6.5AI score
Exploits0
Node.js
Node.js
added 2016/12/02 4:11 a.m.35 views

Downloads Resources over HTTP

Overview Affected versions of serc.js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

9.3CVSS6.1AI score0.01682EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2016/11/30 10:44 p.m.40 views

Downloads Resources over HTTP

Overview Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS5.8AI score0.02336EPSS
Exploits0Affected Software1
ThreatPost
ThreatPost
added 2015/05/01 12:20 p.m.11 views

Mozilla Moving Toward Full HTTPS Enforcement in Firefox

The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections. Mozilla is the developer ...

Exploits0References5
Prion
Prion
added 2014/06/02 3:55 p.m.13 views

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

4.3CVSS6.9AI score0.01466EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2014/01/23 7:55 p.m.16 views

CVE-2014-1242

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...

5.8CVSS5.8AI score0.01019EPSS
Exploits0References5
Rows per page
Query Builder