Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10652 | 1 Prebuild-lwip Project | 1 Prebuild-lwip | 2024-09-16 | N/A |
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | ||||
CVE-2010-4304 | 1 Cisco | 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more | 2024-09-16 | N/A |
The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. | ||||
CVE-2016-10620 | 1 Atom-node-module-installer Project | 1 Atom-node-module-installer | 2024-09-16 | N/A |
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10695 | 1 Mapbox | 1 Npm-test-sqlite3-trunk | 2024-09-16 | N/A |
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2009-0742 | 1 Cisco | 4 Ace 4710, Application Control Engine Module, Catalyst 6500 and 1 more | 2024-09-16 | N/A |
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information. | ||||
CVE-2008-6797 | 1 Mitel | 1 Mitel Nupoint Messenger | 2024-09-16 | N/A |
The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2016-10691 | 1 Windows-seleniumjar Project | 1 Windows-seleniumjar | 2024-09-16 | N/A |
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2012-4114 | 1 Cisco | 1 Unified Computing System | 2024-09-16 | N/A |
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. | ||||
CVE-2012-6571 | 1 Huawei | 18 Ar 18-1x, Ar 18-2x, Ar 18-3x and 15 more | 2024-09-16 | N/A |
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | ||||
CVE-2016-10677 | 1 Google-closure-tools-latest Project | 1 Google-closure-tools-latest | 2024-09-16 | N/A |
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10651 | 1 Webdriver-launcher Project | 1 Webdriver-launcher | 2024-09-16 | N/A |
webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2010-5079 | 1 Silverstripe | 1 Silverstripe | 2024-09-16 | N/A |
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
CVE-2010-1689 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2024-09-16 | N/A |
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | ||||
CVE-2013-1212 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2024-09-16 | N/A |
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. | ||||
CVE-2012-4693 | 2 Invensys, Siemens | 2 Wonderware Intouch, Processsuite | 2024-09-16 | N/A |
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by reading this file. | ||||
CVE-2010-4758 | 1 Otrs | 1 Otrs | 2024-09-16 | N/A |
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | ||||
CVE-2013-2803 | 1 Prosoft-technology | 1 Radiolinx Controlscape | 2024-09-16 | N/A |
ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
CVE-2016-10655 | 1 Clang-extra Project | 1 Clang-extra | 2024-09-16 | N/A |
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2016-10670 | 1 Windows-seleniumjar-mirror Project | 1 Windows-seleniumjar-mirror | 2024-09-16 | N/A |
windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
CVE-2011-4046 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2024-09-16 | N/A |
The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. |