Vulnerabilities (CVE)

Filtered by CWE-311
Total 305 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-20503 1 Cisco 1 Duo Authentication For Epic 2024-09-13 N/A 5.5 MEDIUM
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system. This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.
CVE-2024-31905 1 Ibm 1 Qradar Network Packet Capture 2024-08-28 N/A 5.9 MEDIUM
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.
CVE-2024-39746 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2024-08-23 N/A 5.9 MEDIUM
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE-2024-42657 1 Nepstech 2 Ntpl-xpon1gfevn, Ntpl-xpon1gfevn Firmware 2024-08-20 N/A 7.5 HIGH
An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process
CVE-2024-7396 2024-08-06 N/A N/A
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.