CWE:
 

Topic
Date
Author
Med.
VeryFitPro 3.2.8 Insecure Transit
19.06.2021
Nick Decker
Med.
Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities
13.01.2020
m0ze
High
Across DR-810 ROM-0 - Backup File Disclosure
12.01.2019
SajjadBnz
Med.
MensaMax 4.3 Hardcoded Encryption Key Disclosure
02.10.2018
Stefan Pietsch
Med.
Trend Micro ServerProtect Disclosure / CSRF / XSS
26.05.2017
Multiple
Med.
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
18.02.2017
Harry Sintonen
Med.
Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
20.01.2016
Core
Med.
ElasticSearch Cloud-Azure Insecure Transit
20.09.2015
Pedro Andujar


CVEMAP Search Results

CVE
Details
Description
2021-06-30
Medium
CVE-2021-22380

Vendor: Huawei
Software: EMUI
 

 
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.

 
2021-06-18
Low
CVE-2021-23846

Updating...
 

 
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

 
2021-06-03
Medium
CVE-2021-22325

Vendor: Huawei
Software: EMUI
 

 
There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.

 
2021-05-26
Low
CVE-2021-25643

Vendor: Couchbase
Software: Server
 

 
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.

 
2021-05-19
Low
CVE-2021-27925

Vendor: Couchbase
Software: Couchbase server
 

 
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.

 
Low
CVE-2021-27924

Vendor: Couchbase
Software: Couchbase server
 

 
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.

 
2021-05-17
Low
CVE-2021-32456

Updating...
 

 
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.

 
2021-05-14
Medium
CVE-2020-27185

Updating...
 

 
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.

 
2021-04-27
Medium
CVE-2021-31671

Vendor: Pgsync project
Software: Pgsync
 

 
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

 
2021-04-26
Low
CVE-2021-3494

Vendor: Theforeman
Software: Foreman
 

 
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top