96 matches found
PT-2026-39533
Name of the Vulnerable Software and Affected Versions: Plack::Middleware::Statsd versions prior to 0.9.0. Description: Plack::Middleware::Statsd for Perl may leak user IP addresses. This occurs if the communication channel to the statsd daemon is not secured, such as when sending UDP packets to a ho...
SUSE CVE-2026-27855
Dovecot OTP authentication is vulnerable to a replay attack under specific conditions. If the auth cache is enabled and the username is altered in passdb, then OTP credentials can be cached so that the same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...
CVE-2025-59460 Unsecure access configuration
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections...
EUVD-2019-16413
Malware in sbrugna...
EUVD-2018-20463
Malware in sbrugna...
EUVD-2019-16406
Malware in sbrugna...
EUVD-2016-3301
Malware in sbrugna...
EUVD-2020-17919
Malware in sbrugna...
EUVD-2020-27047
Malware in sbrugna...
EUVD-2024-16119
Malicious code in bioql PyPI...
B&R Automation Runtime Use of a Cryptographic Primitive with a Risky Implementation (CVE-2024-0323)
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This plugin only...
CVE-2021-20174
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be transmitted in...
CVE-2020-5893
In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection...
CVE-2020-1393
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-141...
CVE-2019-6859
A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers All versions of the following CPUs and Communication Module product references listed in the Security Notifications, which could cause the disclosure of FTP hardcoded credentials when using the Web server of the...
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
Huawei HarmonyOS Entry Unsecured Checksum Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Incoming Parameter Unsecure Checksum vulnerability, which stems from an inbound parameter unsecure checksum in the HDC modul...
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
CVE-2024-0323 FTP uses unsecure encryption mechanisms
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
CVE-2024-0323
The CVE-2024-0323 entry affects the B&R Automation Runtime FTP server, where the FTP service supports insecure encryption mechanisms (SSLv3, TLS 1.0, TLS 1.1). Affected product: B&R Automation Runtime (FTP server). Documented impact: a network-based attacker can perform man-in-the-middle attacks or...