Total
312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38283 | 2024-11-21 | N/A | N/A | ||
| Sensitive customer information is stored in the device without encryption. | |||||
| CVE-2024-29151 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | |||||
| CVE-2024-27106 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
| Vulnerable data in transit in GE HealthCare EchoPAC products | |||||
| CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.2 MEDIUM |
| IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | |||||
| CVE-2024-24768 | 1 Fit2cloud | 1 1panel | 2024-11-21 | N/A | 6.5 MEDIUM |
| 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | |||||
| CVE-2023-4580 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.5 MEDIUM |
| Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | |||||
| CVE-2023-4420 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted. | |||||
| CVE-2023-4384 | 2024-11-21 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-49927 | 1 Samsung | 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 23 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption. | |||||
| CVE-2023-44098 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-43618 | 1 Schollz | 1 Croc | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. | |||||
| CVE-2023-42019 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161. | |||||
| CVE-2023-41096 | 1 Silabs | 1 Emberznet Sdk | 2024-11-21 | N/A | 6.8 MEDIUM |
| Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. | |||||
| CVE-2023-41095 | 1 Silabs | 1 Openthread Sdk | 2024-11-21 | N/A | 6.8 MEDIUM |
| Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. | |||||
| CVE-2023-39954 | 1 Nextcloud | 1 User Oidc | 2024-11-21 | N/A | 3.8 LOW |
| user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. | |||||
| CVE-2023-39843 | 1 Sulimet | 2 5-in-1 Smart Door Lock, 5-in-1 Smart Door Lock Firmware | 2024-11-21 | N/A | 2.4 LOW |
| Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2023-39842 | 1 Mydigoo | 2 Dg-hamb Smart Home Security System, Dg-hamb Smart Home Security System Firmware | 2024-11-21 | N/A | 2.4 LOW |
| Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2023-39841 | 1 Etekcity | 2 3-in-1 Smart Door Lock, 3-in-1 Smart Door Lock Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
| Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2023-38699 | 1 Mindsdb | 1 Mindsdb | 2024-11-21 | N/A | 9.1 CRITICAL |
| MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | |||||
| CVE-2023-38688 | 1 Xithrius | 1 Twitch-tui | 2024-11-21 | N/A | 7.5 HIGH |
| twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | |||||