Total
275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11836 | 1 Rediff | 1 Rediffmail | 2020-08-24 | 2.1 LOW | 4.6 MEDIUM |
| The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout. | |||||
| CVE-2019-2231 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555 | |||||
| CVE-2018-13992 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default. | |||||
| CVE-2019-15704 | 1 Fortinet | 1 Forticlient | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | |||||
| CVE-2019-18980 | 1 Philips | 2 Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656, Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | |||||
| CVE-2019-18800 | 1 Rakuten | 1 Viber | 2020-08-24 | 4.3 MEDIUM | 8.8 HIGH |
| Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. | |||||
| CVE-2019-4616 | 2 Ibm, Linux | 2 Cloud Automation Manager, Linux Kernel | 2020-08-24 | 2.9 LOW | 3.5 LOW |
| IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644. | |||||
| CVE-2019-11405 | 1 Openapi-generator | 1 Openapi Generator | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies. | |||||
| CVE-2020-10039 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2020-07-15 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data. | |||||
| CVE-2016-10663 | 1 Node-wixtoolset Project | 1 Node-wixtoolset | 2020-06-17 | 9.3 HIGH | 8.1 HIGH |
| wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-17763 | 1 Liveqos | 1 Superbeam | 2020-02-04 | 7.6 HIGH | 7.5 HIGH |
| SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | |||||
| CVE-2015-0558 | 1 Adbglobal | 2 P.dga4001n, P.dga4001n Firmware | 2020-01-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. | |||||
| CVE-2019-18833 | 1 Barco | 2 Clickshare Button R9861500d01, Clickshare Button R9861500d01 Firmware | 2019-12-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key. | |||||
| CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2019-12-14 | 4.3 MEDIUM | 7.3 HIGH |
| evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
| CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2019-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | |||||
| CVE-2016-10597 | 1 Cobalt-cli Project | 1 Cobalt-cli | 2019-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2010-3292 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 2.1 LOW | 5.5 MEDIUM |
| The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2018-8864 | 1 Atisystem | 8 Alert4000, Alert4000 Firmware, Hpss16 and 5 more | 2019-10-09 | 2.9 LOW | 3.1 LOW |
| In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | |||||
| CVE-2018-7498 | 1 Philips | 2 Alice 6, Alice 6 Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. | |||||