Total
615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34972 | 1 Qnap | 2 Qts, Quts Hero | 2023-08-31 | N/A | 6.5 MEDIUM |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later | |||||
| CVE-2023-25848 | 1 Esri | 1 Arcgis Server | 2023-08-31 | N/A | 5.3 MEDIUM |
| ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | |||||
| CVE-2019-10102 | 1 Jetbrains | 2 Kotlin, Ktor | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30. | |||||
| CVE-2019-10101 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | |||||
| CVE-2023-39086 | 1 Asus | 2 Rt-ac66u B1, Rt-ac66u B1 Firmware | 2023-08-14 | N/A | 7.5 HIGH |
| ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | |||||
| CVE-2023-2754 | 1 Cloudflare | 1 Warp | 2023-08-09 | N/A | 6.8 MEDIUM |
| The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | |||||
| CVE-2021-40148 | 1 Mediatek | 53 L9, Lr11, Lr12 and 50 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. | |||||
| CVE-2021-45081 | 1 Cobbler Project | 1 Cobbler | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | |||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||
| CVE-2022-47714 | 1 Lastyard | 1 Last Yard | 2023-08-08 | N/A | 9.8 CRITICAL |
| Last Yard 22.09.8-1 does not enforce HSTS headers | |||||
| CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | |||||
| CVE-2021-43270 | 1 Datalust | 1 Seq.app.emailplus | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended. | |||||
| CVE-2022-29945 | 1 Dji | 22 Air 2, Air 2 Firmware, Air 2s and 19 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | |||||
| CVE-2021-41849 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | |||||
| CVE-2021-1896 | 1 Qualcomm | 44 Aqt1000, Aqt1000 Firmware, Qca6164 and 41 more | 2023-08-08 | 3.3 LOW | 4.3 MEDIUM |
| Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity | |||||
| CVE-2022-0005 | 1 Intel | 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more | 2023-08-08 | 2.1 LOW | 2.4 LOW |
| Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | |||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2023-08-03 | N/A | 5.3 MEDIUM |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-07-28 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2023-34142 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2023-07-27 | N/A | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. | |||||
| CVE-2022-26077 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||