Total
703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0066 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-0056 | 1 Microsoft | 19 .net, .net Framework, Microsoft.data.sqlclient and 16 more | 2024-11-21 | N/A | 8.7 HIGH |
| Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | |||||
| CVE-2023-6094 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | |||||
| CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | |||||
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-11-21 | N/A | 3.1 LOW |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-51741 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system. | |||||
| CVE-2023-51740 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system. | |||||
| CVE-2023-51390 | 1 Aiven | 1 Journalpump | 2024-11-21 | N/A | 6.5 MEDIUM |
| journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. | |||||
| CVE-2023-50962 | 1 Ibm | 1 Powersc | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | |||||
| CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | N/A | 6.3 MEDIUM |
| An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | |||||
| CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. | |||||
| CVE-2023-4918 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. | |||||
| CVE-2023-4509 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | |||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | |||||
| CVE-2023-46447 | 1 Popsdiabetes | 1 Rebel | 2024-11-21 | N/A | 4.3 MEDIUM |
| The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | |||||
| CVE-2023-46385 | 1 Loytec | 1 L-inx Configurator | 2024-11-21 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
| CVE-2023-46383 | 1 Loytec | 1 L-inx Configurator | 2024-11-21 | N/A | 7.5 HIGH |
| LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
| CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. | |||||
| CVE-2023-46380 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. | |||||