Vulnerabilities (CVE)

Filtered by CWE-319
Total 640 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10735 1 Claws-mail 1 Mail 2021-07-21 4.3 MEDIUM 4.3 MEDIUM
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2019-14808 1 Renpho 1 Renpho 2021-07-21 4.0 MEDIUM 6.8 MEDIUM
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials).
CVE-2020-11542 1 3xlogic 3 Infinias Eidc32, Infinias Eidc32 Firmware, Infinias Eidc32 Web 2021-07-21 7.5 HIGH 9.8 CRITICAL
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-27554 1 Basetech 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware 2021-07-21 5.0 MEDIUM 7.5 HIGH
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.
CVE-2020-1343 1 Microsoft 1 Visual Studio Live Share 2021-07-21 5.0 MEDIUM 5.9 MEDIUM
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.
CVE-2020-11614 1 Mids' Reborn Hero Designer Project 1 Mids' Reborn Hero Designer 2021-07-21 6.8 MEDIUM 8.1 HIGH
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
CVE-2019-16067 1 Netsas 1 Enigma Network Management Solution 2021-07-21 5.0 MEDIUM 7.5 HIGH
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.
CVE-2019-18199 1 Fujitsu 2 Lx390, Lx390 Firmware 2021-07-21 6.9 MEDIUM 6.6 MEDIUM
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.
CVE-2019-14954 1 Jetbrains 1 Intellij Idea 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
CVE-2019-19463 1 Huami 1 Mi Fit 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check.
CVE-2019-4689 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2021-07-21 5.0 MEDIUM 7.5 HIGH
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171826.
CVE-2020-5886 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2021-07-21 6.4 MEDIUM 9.1 CRITICAL
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a High Availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.
CVE-2020-5876 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2021-07-21 6.8 MEDIUM 8.1 HIGH
On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.
CVE-2019-19316 1 Hashicorp 1 Terraform 2021-07-21 4.3 MEDIUM 7.5 HIGH
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
CVE-2020-15058 1 Lindy-international 2 42633, 42633 Firmware 2021-07-21 3.3 LOW 8.8 HIGH
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2019-17393 1 Tomedo 1 Server 2021-07-21 5.0 MEDIUM 9.8 CRITICAL
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.
CVE-2019-16063 1 Netsas 1 Enigma Network Management Solution 2021-07-21 5.0 MEDIUM 7.5 HIGH
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data.
CVE-2020-5860 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2021-07-21 6.8 MEDIUM 8.1 HIGH
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA network failover traffic is not encrypted by Transport Layer Security (TLS).
CVE-2019-10251 1 Ucweb 1 Uc Browser 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
The UCWeb UC Browser application through 2019-03-26 for Android uses HTTP to download certain modules associated with PDF and Microsoft Office files (related to libpicsel), which allows MITM attacks.
CVE-2020-29380 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2021-07-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.