Total
663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1749 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-15954 | 2 Debian, Kde | 2 Debian Linux, Kmail | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | |||||
| CVE-2020-15785 | 1 Siemens | 1 Siveillance Video Client | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks. | |||||
| CVE-2020-14248 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | |||||
| CVE-2020-14171 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | |||||
| CVE-2020-14093 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | |||||
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | |||||
| CVE-2020-13528 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability. | |||||
| CVE-2020-12730 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | |||||
| CVE-2020-12398 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. | |||||
| CVE-2020-12048 | 1 Baxter | 2 Phoenix X36, Phoenix X36 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool. | |||||
| CVE-2020-12040 | 1 Baxter | 2 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack. | |||||
| CVE-2020-12037 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. | |||||
| CVE-2020-12036 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. | |||||
| CVE-2020-12008 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. | |||||
| CVE-2020-11718 | 1 Bilanc | 1 Bilanc | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP. | |||||
| CVE-2020-11614 | 1 Mids\' Reborn Hero Designer Project | 1 Mids\' Reborn Hero Designer | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer. | |||||
| CVE-2020-10628 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | |||||
| CVE-2020-10624 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | |||||
| CVE-2020-10376 | 1 Technicolor | 2 Tc7337net, Tc7337net Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. | |||||