Lucene search
K

215 matches found

Node.js
Node.js
added 2016/11/30 10:44 p.m.40 views

Downloads Resources over HTTP

Overview Affected versions of ibapi insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS5.8AI score0.02336EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2016/11/30 9:56 p.m.41 views

Downloads Resources over HTTP

Overview Affected versions of alto-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

9.3CVSS5.6AI score0.02104EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2016/11/30 8:45 p.m.37 views

Downloads Resources over HTTP

Overview Affected versions of chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This may result in arbitrary code execution if an attacker intercepts and modifies the downloaded...

6.8CVSS5.2AI score0.01114EPSS
Exploits0Affected Software1
Prion
Prion
added 2016/09/02 2:59 p.m.26 views

Code injection

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

5.8CVSS6.8AI score0.1503EPSS
Exploits3References18Affected Software1
UbuntuCve
UbuntuCve
added 2016/09/02 12:0 a.m.42 views

CVE-2016-0772

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

6.5CVSS6.8AI score0.1503EPSS
Exploits3References3
Apple
Apple
added 2016/03/09 12:0 a.m.54 views

About the security content of Apple Software Update 2.2

About the security content of Apple Software Update 2.2 This document describes the security content of Apple Software Update 2.2. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or...

5.9CVSS5.8AI score0.00925EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2016/02/16 12:0 a.m.48 views

F5 BIG-IP - SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575

The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

5.9CVSS6.5AI score0.0288EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/08/17 12:0 a.m.1096 views

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following: apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in...

9.3CVSS0.7AI score0.74483EPSS
Exploits53
ThreatPost
ThreatPost
added 2015/04/09 5:0 a.m.10 views

Apple iOS 8.3 Includes Long List of Security Fixes

Apple has released iOS 8.3, a major security upgrade for iPhone and iPad users that includes patches for more than three dozen vulnerabilities. The new version of iOS has security fixes for several vulnerabilities in the mobile operating system’s kernel, a handful of code-execution bugs and a lon...

1.4AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/11/17 4:59 p.m.27 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.1AI score0.01867EPSS
Exploits0References2
OSV
OSV
added 2014/11/17 4:59 p.m.21 views

PYSEC-2014-80

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS3.1AI score0.01867EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/11/17 4:0 p.m.46 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

7.9AI score0.01867EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/11/17 4:0 p.m.103 views

CVE-2014-5277

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to...

5CVSS7.6AI score0.01867EPSS
Exploits0
OSV
OSV
added 2014/09/20 12:0 a.m.22 views

DSA-3029-1 nginx - security update

Bulletin has no description...

4.3CVSS6.3AI score0.05654EPSS
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.165 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5CVSS7.5AI score0.99999EPSS
Exploits88
Rows per page
Query Builder