CWE:
 

Topic
Date
Author
Med.
Fujitsu Wireless Keyboard Set LX390 Missing Encryption
24.10.2019
Matthias Deeg


CVEMAP Search Results

CVE
Details
Description
2019-12-06
Medium
CVE-2019-16672

 

 
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive credentials data is transmitted in cleartext.

 
2019-11-30
Medium
CVE-2019-19464

 

 
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.

 
2019-11-12
Low
CVE-2010-3299

Vendor: Rubyonrails
Software: Rails
 

 
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

 
Low
CVE-2010-3292

Vendor: Mailscanner
Software: Mailscanner
 

 
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., HTTPS) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via DNS/packet spoofing.

 
2019-10-24
Low
CVE-2019-4398

 

 
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.

 
Medium
CVE-2019-18201

 

 
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

 
2019-10-06
Medium
CVE-2019-17218

 

 
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via HTTP. An attacker is able to intercept and sniff communication to the web service.

 
2019-10-02
Low
CVE-2019-14959

Vendor: Jetbrains
Software: Toolbox
 

 
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext HTTP connection.

 
2019-10-01
Low
CVE-2019-14954

Vendor: Jetbrains
Software: Intellij idea
 

 
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext HTTP connection.

 
2019-09-10
Low
CVE-2019-1563

Vendor: Openssl
Software: Openssl
 

 
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

 

 


Copyright 2019, cxsecurity.com

 
