Lucene search
K

114 matches found

CVE
CVE
added 2021/04/19 2:5 p.m.79 views

CVE-2021-20992

CVE-2021-20992 affects Fibaro Home Center 2 and Lite devices, where the web-based management interface runs over unencrypted HTTP. This enables eavesdropping on user communications and can allow hijacking of sessions, tokens, and passwords. The available sources confirm the issue but do not provi...

8.1CVSS7.6AI score0.01421EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2020/02/25 7:15 p.m.2 views

CVE-2020-8809

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...

8.1CVSS7.6AI score
Exploits0References2
Prion
Prion
added 2020/02/25 7:15 p.m.17 views

Code injection

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attack...

6.8CVSS8.3AI score0.02107EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2020/01/06 8:15 p.m.16 views

CVE-2019-16274

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

7.5CVSS7.6AI score0.00674EPSS
Exploits0References1
Prion
Prion
added 2020/01/06 8:15 p.m.14 views

Design/Logic Flaw

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

5CVSS7.6AI score0.00674EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/01/06 7:52 p.m.24 views

CVE-2019-16274

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP...

7.7AI score0.00674EPSS
Exploits0References1
CVE
CVE
added 2020/01/06 7:52 p.m.86 views

CVE-2019-16274

DTEN DT5/D7 devices (before firmware 1.3) expose customer data by transferring files over unencrypted HTTP. Concrete details across multiple sources confirm the affected products and version bounds, with the underlying issue described as unencrypted HTTP data transfer that can lead to exposure of...

7.5CVSS7.6AI score0.00674EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/07/19 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account,...

4.3CVSS4.9AI score0.00479EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2019/04/23 6:44 a.m.21 views

Man-in-the-Middle (MitM)

openapi-generator is vulnerable to man-in-the-middle attacks. Resolved dependencies in build.gradle, build.gradle.mustache and build.sbt are performed over an unencrypted HTTP channel, which would allow a remote attacker to intercept and modify network traffic during the installation of...

8.1CVSS7AI score0.01198EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2019/02/18 11:58 p.m.26 views

Insecure Default Configuration in airbrake

Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...

5.9CVSS4.1AI score0.01301EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/02/18 11:58 p.m.20 views

GHSA-856X-CP3Q-47VG Insecure Default Configuration in airbrake

Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive information...

5.9CVSS5.5AI score0.01301EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:57 p.m.10 views

GHSA-VVWP-3F54-XC39 Downloads Resources over HTTP in broccoli-closure

Affected versions of broccoli-closure insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:52 p.m.30 views

Downloads Resources over HTTP in bkjs-wand

Affected versions of bkjs-wand insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

9.3CVSS5.7AI score0.01682EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/02/18 11:47 p.m.11 views

GHSA-J3CR-J9JX-MF4P Downloads Resources over HTTP in redis-srvr

Affected versions of redis-srvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:45 p.m.17 views

Downloads Resources over HTTP in native-opencv

Affected versions of native-opencv insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS6AI score0.01699EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/02/18 11:44 p.m.10 views

GHSA-G84J-95X2-7G67 Downloads Resources over HTTP in tomita

Affected versions of tomita insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References3
OSV
OSV
added 2019/02/18 11:44 p.m.17 views

GHSA-WX3Q-6X7X-JJW4 mystem downloads Resources over HTTP

Affected versions of mystem insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

8.1CVSS8.1AI score0.01682EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:35 p.m.38 views

Downloads Resources over HTTP in product-monitor

Affected versions of product-monitor insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

9.3CVSS5.7AI score0.01682EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/02/18 11:35 p.m.14 views

GHSA-6PWF-WHC8-HJF6 Downloads Resources over HTTP in baryton-saxophone

Affected versions of baryton-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

9.3CVSS8.1AI score0.02104EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:33 p.m.34 views

Downloads Resources over HTTP in webdrvr

Affected versions of webdrvr insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS6.1AI score0.01682EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder