142 matches found
CVE-2011-2683
reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 4 Insecure HTTP Update Download MitM Code Execution
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 4. It is, therefore, affected by a vulnerability in the software update process. Software updates are packaged and delivered insecurely, leading to roo...
Apache OpenMeetings < 3.3.0 Multiple Vulnerabilities
Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:openmeetings";...
CVE-2017-7685
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...
CVE-2017-7685
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH...
CVE-2017-8894
AeroAdmin 4.1 uses an insecure protocol HTTP to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine...
CVE-2017-3219
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash...
CVE-2016-8230
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers...
CVE-2016-8273
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
CVE-2016-8273
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
Hardcoded credentials
Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...
Design/Logic Flaw
The 1 update and 2 package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism...
Man In The Middle (MitM)
windows-build-tools is vulnerable to man-in-the-middle MitM attacks due to downloading installer packages over insecure http protocol. It may cause remote code execution RCE by swapping out the requested package with an attacker controlled package if the attacker is on the network or positioned i...
Man-in-the-Middle (MitM)
pry-rescue is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the use of the deprecated :rubygems option in the Gemfile, causing insecure HTTP requests to be made. A malicious user can potentially compromise the download to conduct MitM attacks...
Man-in-the-Middle (MitM)
maildir is vulnerable to man-in-the-middle MitM attacks. The rubygems source uses insecure http, meaning a malicious user can potentially compromise the source to conduct a Man-in-the-Middle attack...
Downloads Resources over HTTP
Overview Affected versions of serc.js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
Downloads Resources over HTTP
Overview Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Mozilla Moving Toward Full HTTPS Enforcement in Firefox
The Mozilla Foundation is initiating the process to phase out insecure HTTP connections in the Firefox browser. The decision is part of a broader movement to encrypt the Web, which in the case of Mozilla Firefox, means permitting only encrypted HTTPS browser connections. Mozilla is the developer ...
Design/Logic Flaw
OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...
CVE-2014-1242
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...