Total
2480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4898 | 1 Tropos | 9 1310 Distrubution Automation Mesh Router, 1410 Mesh Router, 1410 Wireless Mesh Router and 6 more | 2024-09-17 | N/A |
| Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | ||||
| CVE-2016-10619 | 1 Pennyworth Project | 1 Pennyworth | 2024-09-17 | N/A |
| pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | ||||
| CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2024-09-17 | N/A |
| redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10606 | 1 Grunt-webdriver-qunit Project | 1 Grunt-webdriver-qunit | 2024-09-17 | N/A |
| grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2009-3941 | 1 Martin Lambers | 1 Mpop | 2024-09-17 | N/A |
| Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2008-5331 | 1 Adobe | 1 Acrobat | 2024-09-17 | N/A |
| Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack. | ||||
| CVE-2010-2270 | 1 Accoria | 1 Rock Web Server | 2024-09-17 | N/A |
| Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie. | ||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2024-09-17 | N/A |
| imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10560 | 1 Galenframework | 1 Galenframework-cli | 2024-09-17 | 8.1 High |
| galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2012-3818 | 1 Mikel Olasagasti | 1 Revelation | 2024-09-17 | N/A |
| The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. | ||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2024-09-17 | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | ||||
| CVE-2016-10642 | 1 Cmake Project | 1 Cmake | 2024-09-17 | N/A |
| cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2011-4190 | 1 Suse | 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2024-09-17 | N/A |
| The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | ||||
| CVE-2014-8538 | 1 Hijabmodern | 1 Hijab Modern | 2024-09-17 | N/A |
| The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-10643 | 1 Jstestdriver Project | 1 Jstestdriver | 2024-09-17 | N/A |
| jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2018-5466 | 1 Philips | 1 Intellispace Portal | 2024-09-17 | N/A |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | ||||
| CVE-2016-10626 | 1 Mystem3 Project | 1 Mystem3 | 2024-09-17 | N/A |
| mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10631 | 1 Jvminstall Project | 1 Jvminstall | 2024-09-17 | N/A |
| jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2010-4214 | 2 Google, Wellsfargo | 2 Android, Wells Fargo Mobile | 2024-09-17 | N/A |
| The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | ||||
| CVE-2016-10684 | 1 Healthcenter Project | 1 Healthcenter | 2024-09-17 | N/A |
| healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||