
12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26594

Malware in sbrugna...

CVSS 9.8 | AI score 8.8 | EPSS 0.00179
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-18400

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00435
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-36217

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00457
Exploits 0 | References 3
RedhatCVE
added 2025/05/22 8:55 a.m. | 5 views

CVE-2019-9013

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component a...

CVSS 8.8 | AI score 6.9 | EPSS 0.00435
Exploits 0 | References 1
OSV
added 2022/07/12 2:15 p.m. | 2 views

CVE-2022-33173

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead...

CVSS 7.5 | AI score 5.8 | EPSS 0.00457
Exploits 0 | References 3
Veracode
added 2021/04/21 6:12 p.m. | 19 views

Man-in-the-Middle (MitM)

nim is vulnerable to a man-in-the-middle attack. nimble refresh fetches a list of Nimble packages over HTTPS by default. However, in case of an error, a non-TLS URL http://irclogs.nim-lang.org/packages.json is used, which allows an attacker to perform a MitM attack and deliver a modified package list containin...

CVSS 7.5 | AI score 1.5 | EPSS 0.0019
Exploits 1 | References 4 | Affected Software 1
Debian CVE
added 2021/03/26 9:25 p.m. | 19 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 7.5 | AI score 6.8 | EPSS 0.0019
Exploits 1
OSV
added 2020/11/11 5:15 p.m. | 2 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8 | AI score 5.8 | EPSS 0.00179
Exploits 0 | References 1
NVD
added 2020/11/11 5:15 p.m. | 10 views

CVE-2020-5426

Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...

CVSS 9.8 | AI score 8.9 | EPSS 0.00179
Exploits 0 | References 1
CVE
added 2020/11/11 5:5 p.m. | 41 views

CVE-2020-5426

CVE-2020-5426 affects the TAS Scheduler prior to version 1.4.0, which could transmit the UAA client token in plaintext over non-TLS connections. The risk is influenced by MySQL server configuration used to cache the token; interception could grant an attacker admin-level access in the cloud contr...

CVSS 9.8 | AI score 9.1 | EPSS 0.00179
Exploits 0 | References 1 | Affected Software 1
Veracode
added 2019/09/26 4:56 a.m. | 7 views

Man-in-the-Middle (MitM)

https-proxy-agent is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because the socket is returned without a TLS upgrade on a non-200 CONNECT response, allowing request data to be sent over an unencrypted connection...

AI score 2.7
Exploits 0
OSV
added 2019/08/15 5:15 p.m. | 0 views

CVE-2019-9013

An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being insufficiently protected during transport. All variants of the following CODESYS V3 products in all versions containing the CmpUserMgr component a...

CVSS 8.8 | AI score 7.5 | EPSS 0.00435
Exploits 0 | References 2