Total
305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15581 | 1 Writediary | 1 Diary With Lock | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. | |||||
| CVE-2017-15397 | 1 Google | 1 Chrome Os | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position. | |||||
| CVE-2017-14953 | 1 Hikvision | 2 Ds-2cd2432f-iw, Ds-2cd2432f-iw Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| ** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product. | |||||
| CVE-2017-14012 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2017-12817 | 1 Kaspersky | 1 Internet Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | |||||
| CVE-2016-10663 | 1 Node-wixtoolset Project | 1 Node-wixtoolset | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10597 | 1 Cobalt-cli Project | 1 Cobalt-cli | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2015-3207 | 1 Openshift | 1 Origin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. | |||||
| CVE-2015-0558 | 1 Adbglobal | 2 P.dga4001n, P.dga4001n Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. | |||||
| CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | |||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2010-3292 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | |||||
| CVE-2007-4961 | 1 Lindenlab | 1 Second Life | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | |||||
| CVE-2024-6400 | 1 Finrota | 1 Finrota | 2024-11-12 | N/A | 7.5 HIGH |
| Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03. | |||||
| CVE-2024-47871 | 1 Gradio Project | 1 Gradio | 2024-10-17 | N/A | 9.1 CRITICAL |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication. | |||||
| CVE-2024-20515 | 1 Cisco | 1 Identity Services Engine | 2024-10-08 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. | |||||
| CVE-2024-42495 | 1 Echostar | 2 Fusion, Hughes Wl3000 | 2024-10-04 | N/A | 7.5 HIGH |
| Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data. | |||||
| CVE-2023-52950 | 1 Synology | 1 Active Backup For Business Agent | 2024-10-02 | N/A | 5.3 MEDIUM |
| Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. | |||||
| CVE-2023-52948 | 1 Synology | 1 Active Backup For Business Agent | 2024-10-02 | N/A | 5.0 MEDIUM |
| Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | |||||