Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15509 | 1 Nordicsemi | 2 Android Ble Library, Dfu Library | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). | |||||
| CVE-2020-5879 | 1 F5 | 1 Big-ip Application Security Manager | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. | |||||
| CVE-2020-4597 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Insights 2.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 184822. | |||||
| CVE-2019-9860 | 1 Abus | 6 Secvest Wireless Alarm System Fuaa50000, Secvest Wireless Alarm System Fuaa50000 Firmware, Secvest Wireless Remote Control Fube50014 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. | |||||
| CVE-2019-5505 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext. | |||||
| CVE-2019-8345 | 1 Estrongs | 1 Es File Explorer File Manager | 2021-07-21 | 4.3 MEDIUM | 4.2 MEDIUM |
| The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL. | |||||
| CVE-2020-6195 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system. | |||||
| CVE-2019-4667 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. | |||||
| CVE-2020-15482 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. | |||||
| CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | |||||
| CVE-2020-3841 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, Safari 13.0.5. A local user may unknowingly send a password unencrypted over the network. | |||||
| CVE-2020-4695 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality. | |||||
| CVE-2020-12638 | 1 Espressif | 3 Esp-idf, Esp8266 Nonos Sdk, Esp8266 Rtos Sdk | 2021-07-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. | |||||
| CVE-2020-14930 | 1 Bt Ctroms Terminal Project | 1 Bt Ctroms Terminal | 2021-07-21 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | |||||
| CVE-2019-12504 | 1 Inateck | 2 Wp2002, Wp2002 Firmware | 2021-07-21 | 8.3 HIGH | 8.8 HIGH |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | |||||
| CVE-2019-17356 | 1 Infinitestudio | 1 Infinite Design | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. | |||||
| CVE-2020-7907 | 1 Jetbrains | 1 Scala | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | |||||
| CVE-2020-5885 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | |||||
| CVE-2019-13394 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. | |||||
| CVE-2019-16732 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2021-07-21 | 9.3 HIGH | 8.1 HIGH |
| Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | |||||