CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | ABUS Secvest Wireless Control Device Missing Encryption | 24.06.2020 | Thomas Detert |
| Med. | Fujitsu Wireless Keyboard Set LX390 Missing Encryption | 24.10.2019 | Matthias Deeg |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2020-07-14 | Medium | CVE-2020-10039 | | A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data. |
| 2020-07-09 | Low | CVE-2020-12398 | Vendor: Mozilla; Software: Thunderbird | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. |
| 2020-07-07 | Medium | CVE-2020-15574 | Vendor: Solarwinds; Software: Serv-u | SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893. |
| 2020-07-07 | Low | CVE-2020-15509 | Vendor: Nordicsemi; Software: Android ble ... | Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). |
| 2020-06-29 | Low | CVE-2019-18254 | | BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with. |
| 2020-05-18 | Medium | CVE-2020-12801 | Vendor: Libreoffice; Software: Libreoffice | If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. |
| 2020-05-12 | Medium | CVE-2020-12772 | | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) |
| 2020-05-07 | Medium | CVE-2020-12692 | Vendor: Openstack; Software: Keystone | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. |
| 2020-05-07 | Medium | CVE-2020-12691 | Vendor: Openstack; Software: Keystone | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. |
| 2020-04-30 | Low | CVE-2020-5879 | Vendor: F5; Software: Big-ip appli... | On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. |

 

 


Copyright 2020, cxsecurity.com

 
