Total
275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4855 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. | |||||
| CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | |||||
| CVE-2018-1937 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. | |||||
| CVE-2018-1938 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
| IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. | |||||
| CVE-2018-1683 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455. | |||||
| CVE-2018-17915 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2019-10-09 | 6.4 MEDIUM | 9.8 CRITICAL |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code. | |||||
| CVE-2018-10612 | 1 Codesys | 12 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 9 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | |||||
| CVE-2017-9632 | 1 Pdqinc | 22 Laserjet, Laserjet Firmware, Laserwash 360 and 19 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely. | |||||
| CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. | |||||
| CVE-2017-3198 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. | |||||
| CVE-2017-16003 | 1 Windows-build-tools Project | 1 Windows-build-tools | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-14012 | 1 Bostonscientific | 2 Zoom Latitude Prm 3120, Zoom Latitude Prm 3120 Firmware | 2019-10-09 | 2.1 LOW | 4.6 MEDIUM |
| Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | |||||
| CVE-2018-5162 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2017-8168 | 1 Huawei | 1 Fusionsphere Openstack | 2019-10-03 | 3.3 LOW | 4.3 MEDIUM |
| FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 have an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain sensitive information transmitted. | |||||
| CVE-2017-6297 | 1 Mikrotik | 1 Routeros | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. | |||||
| CVE-2018-5185 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2018-17563 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext. | |||||
| CVE-2018-5482 | 1 Netapp | 1 Snapcenter Server | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel. | |||||
| CVE-2018-20100 | 1 August | 2 August Connect, August Connect Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to discover home Wi-Fi credentials. This data transfer uses an unencrypted access point for these credentials, and passes them in an HTTP POST, using the AugustWifiDevice class, with data encrypted with a fixed key found obfuscated in the app. | |||||
| CVE-2018-5481 | 1 Netapp | 1 Oncommand Unified Manager | 2019-10-03 | 5.8 MEDIUM | 7.4 HIGH |
| OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 uses cookies that lack the secure attribute in certain circumstances making it vulnerable to impersonation via man-in-the-middle (MITM) attacks. | |||||