195 matches found
GHSA-7WW4-C3MJ-93CF Downloads Resources over HTTP in pm2-kafka
Affected versions of pm2-kafka insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...
Downloads Resources over HTTP in windows-latestchromedriver
Affected versions of windows-latestchromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
GHSA-72Q2-5RXX-XFFF gfe-sass downloads Resources over HTTP
Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...
GHSA-J9Q7-3RHF-4PPV windows-selenium-chromedriver downloads Resources over HTTP
Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
CVE-2019-9682
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker c...
Apple iOS, macOS Mojave and tvOS 802.1X Component Input Validation Error Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a specialized operating system developed for Mac computers. Apple macOS Mojave is an operating system developed for Mac computers. Apple tvOS is a smart TV operating...
CVE-2019-6203
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic...
Code injection
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic...
Mac adware is more sophisticated and dangerous than traditional Mac malware
As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows...
Man-in-the-Middle (MitM)
airtable is vulnerable to man-in-the-middle attacks. SSL certificate validation is disabled by default in the package, allowing remote attackers within the network to intercept, sniff and modify network traffic...
GHSA-2HPJ-G53M-9GJ6 closure-util downloads Resources over HTTP
Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
closure-util downloads Resources over HTTP
Affected versions of closure-util insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-4PF7-579W-F4GM dwebp-bin downloads Resources over HTTP
Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...
GHSA-G95J-P8F6-PWH4 headless-browser-lite downloads Resources over HTTP
Affected versions of headless-browser-lite insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
GHSA-362X-34H3-H6H6 Downloads Resources over HTTP in box2d-native
Affected versions of box2d-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-8P52-7CXV-6C95 Downloads Resources over HTTP in curses
Affected versions of curses insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
GHSA-F757-9C4X-CHFF poco downloads Resources over HTTP
Affected versions of poco insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
GHSA-722Q-3G9X-VP8Q Downloads Resources over HTTP in tomita-parser
Affected versions of tomita-parser insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...