Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-10240

Summary
Assigner-eclipse
Assigner Org ID-e51fbebd-6053-4e49-959f-1b94eeb69a2c
Published At-03 Apr, 2019 | 18:04
Updated At-04 Aug, 2024 | 22:17
Rejected At-
Credits

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:eclipse
Assigner Org ID:e51fbebd-6053-4e49-959f-1b94eeb69a2c
Published At:03 Apr, 2019 | 18:04
Updated At:04 Aug, 2024 | 22:17
Rejected At:
▼CVE Numbering Authority (CNA)

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Affected Products
Vendor
Eclipse Foundation AISBLThe Eclipse Foundation
Product
Eclipse hawkBit
Versions
Affected
  • From unspecified before 0.3.0M2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-829CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWECWE-494CWE-494: Download of Code Without Integrity Check
Type: CWE
CWE ID: CWE-829
Description: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-494
Description: CWE-494: Download of Code Without Integrity Check
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
x_refsource_CONFIRM
Hyperlink: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:emo@eclipse.org
Published At:03 Apr, 2019 | 18:29
Updated At:28 Oct, 2021 | 13:54

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

Eclipse Foundation AISBL
eclipse
>>hawkbit>>Versions up to 0.2.5(inclusive)
cpe:2.3:a:eclipse:hawkbit:*:*:*:*:*:*:*:*
Eclipse Foundation AISBL
eclipse
>>hawkbit>>0.3.0
cpe:2.3:a:eclipse:hawkbit:0.3.0:m1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarynvd@nist.gov
CWE-494Secondaryemo@eclipse.org
CWE-829Secondaryemo@eclipse.org
CWE ID: CWE-319
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-494
Type: Secondary
Source: emo@eclipse.org
CWE ID: CWE-829
Type: Secondary
Source: emo@eclipse.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053emo@eclipse.org
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Source: emo@eclipse.org
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

88Records found

CVE-2021-41037
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-10||CRITICAL
EPSS-0.73% / 49.70%
||
7 Day CHG~0.00%
Published-08 Jul, 2022 | 03:50
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in term of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it's possible to install a unit that will run malicious code during installation without user receiving any warning about this installation step being risky when coming from untrusted source.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-equinox_p2Eclipse Equinox p2equinox_p2
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-11770
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-1.26% / 66.00%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 13:53
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-buildshipEclipse Buildship
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2019-10249
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.42%
||
7 Day CHG~0.00%
Published-06 May, 2019 | 16:12
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All Xtext & Xtend versions prior to 2.18.0 were built using HTTP instead of HTTPS file transfer and thus the built artifacts may have been compromised.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-xtendxtextEclipse Xtext
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-10248
Matching Score-10
Assigner-Eclipse Foundation
ShareView Details
Matching Score-10
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.43% / 34.82%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-vortoEclipse Vorto
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CVE-2019-17633
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-0.81% / 52.43%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 17:05
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Che with no authentication and no TLS is not usually deployed on a public network but is often used for local installations (e.g. on personal laptops). In that case, even if the Che API is not exposed externally, some javascript running in the local browser is able to send requests to it.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-cheEclipse Che
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-17635
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-7.8||HIGH
EPSS-1.34% / 67.82%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 18:35
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-memory_analyzerEclipse Memory Analyzer
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-41034
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-0.39% / 30.97%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 21:35
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-cheEclipse Che
CWE ID-CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CVE-2020-35217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.44%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 12:28
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.

Action-Not Available
Vendor-n/aEclipse Foundation AISBL
Product-vert.x-webn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2018-12550
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-1.35% / 68.17%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 17:26
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-440
Expected Behavior Violation
CVE-2018-12551
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-1.47% / 70.66%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 17:26
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoEclipse Mosquitto
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-287
Improper Authentication
CVE-2021-34435
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-0.60% / 44.12%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 17:20
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CWE ID-CWE-346
Origin Validation Error
CVE-2018-12540
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.8||HIGH
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-vert.xEclipse Vert.x
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-41033
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-8.1||HIGH
EPSS-1.05% / 59.99%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 20:55
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-equinoxEclipse Equinox
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2026-46580
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:26
Updated-22 Jun, 2026 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-1427
Improper Neutralization of Input Used for LLM Prompting
CVE-2026-44688
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.27% / 18.96%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:22
Updated-22 Jun, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-1427
Improper Neutralization of Input Used for LLM Prompting
CVE-2026-44691
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-8.4||HIGH
EPSS-0.23% / 13.88%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:35
Updated-22 Jun, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-22551
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 7.87%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 14:32
Updated-22 Jun, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-1699
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-10||CRITICAL
EPSS-0.50% / 39.34%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 09:57
Updated-10 Mar, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theia_websiteEclipse Theia - Website
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-28162
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-6.1||MEDIUM
EPSS-0.78% / 51.31%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 21:40
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-theiaEclipse Theia
CWE ID-CWE-830
Inclusion of Web Functionality from an Untrusted Source
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-25748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.84% / 53.46%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:17
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.

Action-Not Available
Vendor-rubetekn/a
Product-rv-3409_firmwarerv-3406rv-3409rv-3411_firmwarerv-3411rv-3406_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-7610
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 23.72%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 09:15
Updated-06 May, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-TRENDnet, Inc.
Product-tew-821dap_firmwaretew-821dapTEW-821DAP
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-14930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-3.36% / 87.24%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 20:50
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.

Action-Not Available
Vendor-bt_ctroms_terminal_projectn/a
Product-bt_ctroms_terminaln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-35115
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.2||CRITICAL
EPSS-0.22% / 12.36%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:18
Updated-02 Sep, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agiloft insecure download of system packages

Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.

Action-Not Available
Vendor-AgiloftAtlassian
Product-agiloftAgiloft
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-16732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.95% / 56.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 20:08
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.

Action-Not Available
Vendor-skymeepetwantn/a
Product-pf-103petalk_ai_firmwarepetalk_aipf-103_firmwaren/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-25486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.97% / 95.03%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 17:41
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

Action-Not Available
Vendor-cuppacmsn/a
Product-cuppacmsn/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-22786
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.5||HIGH
EPSS-1.51% / 71.33%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 15:42
Updated-02 Jun, 2026 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Update package downgrade in Zoom Client for Meetings for Windows

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsmeetingsZoom Client for Meetings for WindowsZoom Rooms for Conference Room for Windows
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-23060
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.6||MEDIUM
EPSS-0.22% / 12.01%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 18:11
Updated-28 Mar, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)Aruba Networks
Product-clearpass_policy_managerHPE Aruba Networking ClearPass Policy Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-15612
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 12.00%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 18:16
Updated-14 May, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhWazuh Provisioning Scripts (Agent Build Environment)
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-38588
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.44% / 35.46%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 22:55
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2021-3603
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-2.26% / 80.84%
||
7 Day CHG~0.00%
Published-17 Jun, 2021 | 12:09
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer

PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect parameter to validateAddress() is set to 'php' (the default, defined by PHPMailer::$validator), and the global namespace contains a function called php, it will be called in preference to the built-in validator of the same name. Mitigated in PHPMailer 6.5.0 by denying the use of simple strings as validator function names.

Action-Not Available
Vendor-phpmailer_projectPHPMailerFedora Project
Product-phpmailerfedoraPHPMailer
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-0220
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.3||HIGH
EPSS-0.36% / 28.41%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 10:15
Updated-06 May, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
B&R products use insufficient communication encryption

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-automation_studiotechnology_guardingAutomation StudioTechnology Guardingautomation_studio
CWE ID-CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-6971
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-6.42% / 92.85%
||
7 Day CHG~0.00%
Published-23 Dec, 2023 | 01:59
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

Action-Not Available
Vendor-backupblissmigrate
Product-backup_migrationBackup Migration
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2021-33879
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.02% / 59.25%
||
7 Day CHG~0.00%
Published-06 Jun, 2021 | 19:25
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.

Action-Not Available
Vendor-tencentn/a
Product-gameloopn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2022-46423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.40% / 31.63%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000wnr2000_firmwaren/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2023-45841
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.81% / 52.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 11:30
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package.

Action-Not Available
Vendor-buildrootBuildroot
Product-buildrootBuildroot
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2024-5762
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-71.60% / 99.34%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:15
Updated-23 Aug, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408.

Action-Not Available
Vendor-zen-cartZen Cartzen_cart
Product-zen_cartZen Cartzen_cart
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2023-43608
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.82% / 52.71%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 11:30
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.

Action-Not Available
Vendor-buildrootBuildroot
Product-buildrootBuildroot
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2024-50497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.51% / 39.70%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:35
Updated-11 May, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Online Ordering and Delivery Platform plugin <= 2.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through <= 2.0.0.

Action-Not Available
Vendor-buynowdepotwdescobuynowdepot
Product-advanced_online_ordering_and_delivery_platformAdvanced Online Ordering and Delivery Platformadvanced_online_ordering_and_delivery_platform
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2024-45416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.56% / 42.50%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root.

Action-Not Available
Vendor-n/aZTE Corporation
Product-n/azxhn_h338a_firmwarezxhn_h168n_firmwarezxhn_e500_firmwarezxhn_h168a_firmwarezxhn_e1600_firmwarezxhn_h108n_firmwarezxhn_e2615_firmwarezxhn_e2603_firmwarezxhn_z500_firmwarezxhn_e2618_firmware
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2019-19127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.25% / 65.80%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 14:18
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.

Action-Not Available
Vendor-tribalgroupn/a
Product-sits\n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-28944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.69% / 74.25%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 17:05
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.

Action-Not Available
Vendor-emcosoftwaren/aMicrosoft Corporation
Product-network_inventorywakeonlanunlock_itnetwork_software_scannermsi_package_builderremote_shutdownwindowsremote_installerping_monitorn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-8809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.03% / 59.58%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 18:57
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810.

Action-Not Available
Vendor-guruxn/a
Product-device_language_message_specification_directorn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7875
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.64%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 15:28
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability

DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.

Action-Not Available
Vendor-dext5RAONWIZ (Laonwiz Co., Ltd.)Microsoft Corporation
Product-dext5uploadwindowsDEXT5 Upload
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7874
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.56% / 42.74%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 12:49
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NEXACRO14 Runtime arbitrary file download and execution vulnerability

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

Action-Not Available
Vendor-tobesoftTOBESOFTMicrosoft Corporation
Product-windowsnexacroNEXACRO14
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7831
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.87% / 54.28%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 15:00
Updated-17 Sep, 2024 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

Action-Not Available
Vendor-inogardINOGARDMicrosoft Corporation
Product-windowsebiz4uEbiz4u CViewer Object AxECM.dll
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-5860
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.1||HIGH
EPSS-0.83% / 53.00%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:26
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-iq_centralized_managementbig-ip_link_controllerbig-ip_fraud_protection_servicebig-ip_policy_enforcement_managerbig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP, BIG-IQ
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-5876
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.1||HIGH
EPSS-0.57% / 43.06%
||
7 Day CHG~0.00%
Published-30 Apr, 2020 | 20:30
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-5867
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.1||HIGH
EPSS-0.40% / 31.97%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:58
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

Action-Not Available
Vendor-n/aF5, Inc.NetApp, Inc.
Product-cloud_backupnginx_controllerNGINX Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-25788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.19% / 64.24%
||
7 Day CHG~0.00%
Published-19 Sep, 2020 | 20:18
Updated-22 Dec, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.

Action-Not Available
Vendor-tt-rssn/a
Product-tiny_tiny_rssn/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-2013
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.3||HIGH
EPSS-0.64% / 46.15%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Panorama context switch session cookie disclosure

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0;

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • Next
Details not found