Vulnerabilities (CVE)

CWE filter



6 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12728 1 Grails 1 Grails 2019-10-09 6.8
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
CVE-2019-11770 2019-10-09 6.8
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build...
CVE-2019-10248 1 Eclipse 1 Vorto 2019-10-09 6.8
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of...
CVE-2017-14013 1 Prominent 1 Multiflex M10a Controller Firmware 2019-10-09 6.8
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to...
CVE-2019-10753 2019-09-06 4.3
In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the...
CVE-2016-5062 1 Aternity 1 Aternity 2017-04-10 9.3
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.