Total
647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10376 | 1 Technicolor | 2 Tc7337net, Tc7337net Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. | |||||
CVE-2020-10281 | 1 Dronecode | 1 Micro Air Vehicle Link | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic. | |||||
CVE-2020-10124 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2024-11-21 | 4.4 MEDIUM | 7.1 HIGH |
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. | |||||
CVE-2020-0884 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'. | |||||
CVE-2019-9532 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. | |||||
CVE-2019-9101 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | |||||
CVE-2019-8632 | 1 Apple | 1 Texture | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data. | |||||
CVE-2019-7675 | 1 Mobotix | 2 S14, S14 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI. | |||||
CVE-2019-6846 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol. | |||||
CVE-2019-6845 | 1 Schneider-electric | 46 Modicon M340, Modicon M340 Firmware, Modicon M580 and 43 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol. | |||||
CVE-2019-6652 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any form of Transport Layer Security (TLS). | |||||
CVE-2019-6640 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, SNMP exposes sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is inserted into various profile types and accessed using SNMPv2. | |||||
CVE-2019-6613 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. | |||||
CVE-2019-6526 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. | |||||
CVE-2019-5635 | 1 Belwith-keeler | 2 Hickory Smart Ethernet Bridge, Hickory Smart Ethernet Bridge Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information. | |||||
CVE-2019-5503 | 1 Netapp | 1 Oncommand Workflow Automation | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
CVE-2019-5496 | 1 Netapp | 1 Oncommand Insight | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
CVE-2019-5494 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | |||||
CVE-2019-5489 | 2 Linux, Netapp | 3 Linux Kernel, Active Iq Performance Analytics Services, Element Software Management Node | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. | |||||
CVE-2019-5448 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. |