CWE:
 

Topic
Date
Author
Med.
ABUS Secvest Wireless Control Device Missing Encryption
24.06.2020
Thomas Detert
Med.
Fujitsu Wireless Keyboard Set LX390 Missing Encryption
24.10.2019
Matthias Deeg


CVEMAP Search Results

CVE
Details
Description
2024-10-10
Waiting for details
CVE-2024-47871

Updating...
 

 
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication.

 
2024-09-26
Waiting for details
CVE-2023-52950

Updating...
 

 
Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors.

 
2024-09-05
Waiting for details
CVE-2024-42495

Updating...
 

 
Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data.

 
2024-08-22
Waiting for details
CVE-2024-39746

Updating...
 

 
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

 
2024-08-15
Waiting for details
CVE-2024-31905

Updating...
 

 
IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.

 
2024-07-18
Waiting for details
CVE-2024-38302

Updating...
 

 
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

 
2024-06-14
Waiting for details
CVE-2024-5731

Updating...
 

 
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.

 
2024-03-31
Waiting for details
CVE-2024-25027

Updating...
 

 
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.

 
2024-03-03
Waiting for details
CVE-2023-27291

Updating...
 

 
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.

 
2024-02-29
Waiting for details
CVE-2021-39090

Updating...
 

 
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top