Low
CVE-2017-1265
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity…
Tag: Mitm
All CVEs associated with "Mitm". Page 10/32 • 3809 CVEs.
Subscribe CVEs: RSS for “Mitm” · RSS (High+Critical only)
About “Mitm”
A curated feed of “Mitm”-related CVEs appears below. We currently track 3809 CVEs for this tag (all time). In the last 365 days, 218 were published. Average CVSS is 6.1 (all time; 6.6 over 365d), and 25% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-295 - Improper Certificate Validation, CWE-319 - Cleartext Transmission of Sensitive Information, CWE-297 - Improper Validation of Certificate with Host Mismatch.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2018-12-17
2018-12-13
Low
CVE-2018-1804
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obt…
2018-12-07
Medium
CVE-2018-1663
IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An at…
2018-12-06
Medium
CVE-2018-1525
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could expl…
2018-12-05
Low
CVE-2017-1622
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. I…
2018-11-27
High
CVE-2018-7960
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Su…
Medium
CVE-2018-7959
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables…
High
CVE-2018-7958
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client…
2018-11-26
Medium
CVE-2018-11076
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar…
2018-11-22
Medium
CVE-2018-19443
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but…
2018-11-15
Medium
CVE-2018-0691
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.28…
High
CVE-2018-0690
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
2018-11-13
High
CVE-2018-17187
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client…
2018-11-06
Medium
CVE-2018-1694
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational…
2018-10-24
Medium
CVE-2018-18568
Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used wi…
Medium
CVE-2018-18567
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used wi…
2018-10-10
Medium
CVE-2018-16758
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.
2018-10-05
Medium
CVE-2018-15399
A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhau…
High
CVE-2018-0434
A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid c…
2018-10-03
Medium
CVE-2018-6695
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acqu…
2018-10-02
High
CVE-2018-15752
An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authe…
Low
CVE-2018-1509
IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) att…
2018-09-26
High
CVE-2018-17215
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated…
2018-09-14
Medium
CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability t…
Medium
CVE-2018-1719
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit th…
2018-09-11
Medium
CVE-2018-15898
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction dat…
Medium
CVE-2018-11078
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potential…
Medium
CVE-2018-2460
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack.
Medium
CVE-2018-1127
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens…
Medium
CVE-2016-7074
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf…
Medium
CVE-2016-7073
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insuf…
2018-09-10
High
CVE-2018-11775
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client…
2018-09-07
High
CVE-2017-17691
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitiv…
High
CVE-2018-0650
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive…
2018-09-06
Medium
CVE-2018-1000664
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate,…
2018-09-05
Medium
CVE-2018-9194
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to…
Medium
CVE-2018-9192
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to…
2018-08-31
Medium
CVE-2018-6258
NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-M…
2018-08-30
High
CVE-2018-15476
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and…
High
CVE-2018-10936
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could…
2018-08-27
Medium
CVE-2018-15699
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configura…
2018-08-22
Medium
CVE-2017-7513
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this fl…
High
CVE-2018-1139
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to re…
2018-08-15
Medium
CVE-2017-13105
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle…
Medium
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Serie…
2018-08-13
Low
CVE-2016-2922
IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-mid…
2018-08-06
Medium
CVE-2017-16653
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different token…
2018-08-01
High
CVE-2018-10896
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances…
High
CVE-2018-1999035
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to imp…
High
CVE-2018-1999034
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service…
High
CVE-2018-1999025
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins c…
2018-07-31
High
CVE-2018-11338
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the net…
2018-07-30
High
CVE-2018-13280
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS ses…
2018-07-27
High
CVE-2017-2649
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
Medium
CVE-2017-2648
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
High
CVE-2017-12151
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and…
2018-07-26
High
CVE-2018-14607
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensit…
High
CVE-2017-12150
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-…
High
CVE-2018-0622
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor…
2018-07-24
Medium
CVE-2017-3182
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) atta…
2018-07-13
High
CVE-2016-6562
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position…
Medium
CVE-2017-1395
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP St…
2018-07-12
Medium
CVE-2017-14710
The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers…
High
CVE-2017-14709
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the…
Medium
CVE-2017-14612
"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…
2018-07-11
Medium
CVE-2018-0025
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these cre…
2018-07-06
Medium
CVE-2018-1546
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo…
High
CVE-2018-8929
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle atta…
2018-07-03
High
CVE-2018-10596
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloadin…
2018-07-02
Medium
CVE-2018-1249
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to str…
High
CVE-2018-12499
The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it commu…
High
CVE-2018-8039
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system pro…
2018-06-27
Medium
CVE-2018-1543
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerabilit…
2018-06-26
High
CVE-2018-1000605
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any s…
High
CVE-2018-0611
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr…
2018-06-18
High
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
2018-06-17
High
CVE-2018-12331
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP sp…
Medium
CVE-2018-10377
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
2018-06-12
Medium
CVE-2018-12257
An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade f…
2018-06-11
Medium
CVE-2017-7781
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle atta…
Medium
CVE-2016-9064
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connect…
2018-06-08
Medium
CVE-2018-4202
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to s…
2018-06-06
Medium
CVE-2017-1476
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable H…
2018-06-05
Medium
CVE-2018-1454
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attac…
2018-06-04
Medium
CVE-2017-16041
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.
High
CVE-2017-16040
gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE…
High
CVE-2017-16035
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are d…
High
CVE-2016-10697
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attac…
High
CVE-2016-10696
windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos…
High
CVE-2016-10695
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may…
High
CVE-2016-10694
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM a…
High
CVE-2016-10693
pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code exe…
High
CVE-2016-10692
haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swa…
High
CVE-2016-10691
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause…
High
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It ma…
High
CVE-2016-10689
The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to caus…
High
CVE-2016-10688
Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote…
High
CVE-2016-10687
windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may…
High
CVE-2016-10686
fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE…
High
CVE-2016-10685
pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution…
High
CVE-2016-10684
healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remot…
High
CVE-2016-10683
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker co…
High
CVE-2016-10678
serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping…
High
CVE-2016-10677
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves i…
High
CVE-2016-10676
rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code exe…
High
CVE-2016-10675
libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code…
High
CVE-2016-10673
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability…
High
CVE-2016-10672
cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code executi…
High
CVE-2016-10671
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code executio…
High
CVE-2016-10670
windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause rem…
High
CVE-2016-10669
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker…
High
CVE-2016-10668
libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)…
High
CVE-2016-10667
selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RC…
High
CVE-2016-10665
herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to…
High
CVE-2016-10664
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remot…
High
CVE-2016-10663
wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code…
High
CVE-2016-10662
tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by s…
High
CVE-2016-10661
phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution…
High
CVE-2016-10660
fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible…
High
CVE-2016-10657
co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)…