CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | VeryFitPro 3.2.8 Insecure Transit | 19.06.2021 | Nick Decker |
| Med. | Real Estate 7 WordPress v2.9.4 Multiple Vulnerabilities | 13.01.2020 | m0ze |
| High | Across DR-810 ROM-0 - Backup File Disclosure | 12.01.2019 | SajjadBnz |
| Med. | MensaMax 4.3 Hardcoded Encryption Key Disclosure | 02.10.2018 | Stefan Pietsch |
| Med. | Trend Micro ServerProtect Disclosure / CSRF / XSS | 26.05.2017 | Multiple |
| Med. | QNAP QTS 4.2.x XSS / Command Injection / Transport Issues | 18.02.2017 | Harry Sintonen |
| Med. | Intel Driver Update Utility 2.2.0.5 Man-In-The-Middle | 20.01.2016 | Core |
| Med. | ElasticSearch Cloud-Azure Insecure Transit | 20.09.2015 | Pedro Andujar |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-01-12
Low
CVE-2022-23105

Vendor: Jenkins
Software: Active directory
 

 
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

 
2021-12-30
Low
CVE-2021-20154

 

 
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.

 
2021-12-27
Waiting for details
CVE-2021-4161

 

 
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

 
2021-12-16
Medium
CVE-2021-45100

 

 
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.

 
2021-11-18
Low
CVE-2021-37939

Vendor: Elastic
Software: Kibana
 

 

 
2021-11-12
Medium
CVE-2021-3792

 

 
Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.

 
2021-11-10
Low
CVE-2021-42111

Vendor: Rcdevs
Software: Openotp token
 

 
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hashed PIN code.

 
2021-11-08
Low
CVE-2020-4152

Vendor: IBM
Software: Qradar netwo...
 

 
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

 
2021-11-05
Low
CVE-2021-29753

Vendor: IBM
Software: Business aut...
 

 
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

 
Low
CVE-2021-42699

Vendor: Azeotech
Software: Daqfactory
 

 

 

 


Copyright 2022, cxsecurity.com

 
