Total
299 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32290 | 1 Vk.company | 1 Mymail | 2025-01-29 | N/A | 7.5 HIGH |
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | |||||
CVE-2024-38325 | 2025-01-27 | N/A | 5.9 MEDIUM | ||
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
CVE-2023-35888 | 1 Ibm | 1 Security Verify Governance | 2025-01-27 | N/A | 5.9 MEDIUM |
IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375. | |||||
CVE-2024-41757 | 2025-01-24 | N/A | 5.9 MEDIUM | ||
IBM Concert Software 1.0.0 and 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
CVE-2023-32982 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 4.3 MEDIUM |
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 4.3 MEDIUM | 5.8 MEDIUM |
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
CVE-2024-7142 | 2025-01-10 | N/A | 4.6 MEDIUM | ||
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | |||||
CVE-2024-28250 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. | |||||
CVE-2024-28249 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. | |||||
CVE-2023-34258 | 1 Bmc | 1 Patrol | 2025-01-08 | N/A | 7.5 HIGH |
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. | |||||
CVE-2021-39090 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-12-31 | N/A | 5.9 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388. | |||||
CVE-2024-25630 | 1 Cilium | 1 Cilium | 2024-12-18 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue. | |||||
CVE-2024-25631 | 1 Cilium | 1 Cilium | 2024-12-18 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue. | |||||
CVE-2024-4995 | 2024-12-18 | N/A | 9.8 CRITICAL | ||
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0. | |||||
CVE-2024-5731 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | |||||
CVE-2024-41124 | 2024-11-21 | N/A | 6.3 MEDIUM | ||
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability. | |||||
CVE-2024-38283 | 2024-11-21 | N/A | N/A | ||
Sensitive customer information is stored in the device without encryption. | |||||
CVE-2024-29151 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | |||||
CVE-2024-27106 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
Vulnerable data in transit in GE HealthCare EchoPAC products | |||||
CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.2 MEDIUM |
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. |