Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
VeryFitPro 3.2.8 Insecure Transit
19.06.2021
Nick Decker
Med.
Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities
13.01.2020
m0ze
High
Across DR-810 ROM-0 - Backup File Disclosure
12.01.2019
SajjadBnz
Med.
MensaMax 4.3 Hardcoded Encryption Key Disclosure
02.10.2018
Stefan Pietsch
Med.
Trend Micro ServerProtect Disclosure / CSRF / XSS
26.05.2017
Multiple
Med.
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
18.02.2017
Harry Sintonen
Med.
Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle
20.01.2016
Core
Med.
ElasticSearch Cloud-Azure Insecure Transit
20.09.2015
Pedro Andujar
CVEMAP Search Results
CVE
Details
Description
2021-06-30
Medium
CVE-2021-22380
Vendor:
Huawei
Software:
EMUI
There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability.
2021-06-18
Low
CVE-2021-23846
Updating...
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.
2021-06-03
Medium
CVE-2021-22325
Vendor:
Huawei
Software:
EMUI
There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission.
2021-05-26
Low
CVE-2021-25643
Vendor:
Couchbase
Software:
Server
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call.
2021-05-19
Low
CVE-2021-27925
Vendor:
Couchbase
Software:
Couchbase server
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can (depending on a race condition) cause an internal user with administrator privileges, @ns_server, to have its credentials leaked in cleartext in the ns_server.info.log file.
Low
CVE-2021-27924
Vendor:
Couchbase
Software:
Couchbase server
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
2021-05-17
Low
CVE-2021-32456
Updating...
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
2021-05-14
Medium
CVE-2020-27185
Updating...
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
2021-04-27
Medium
CVE-2021-31671
Vendor:
Pgsync project
Software:
Pgsync
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
2021-04-26
Low
CVE-2021-3494
Vendor:
Theforeman
Software:
Foreman
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.
Copyright
2021
, cxsecurity.com
Back to Top
