Filtered by CWE-311
Total 464 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15330 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
CVE-2020-12801 2 Libreoffice, Opensuse 2 Libreoffice, Leap 2024-11-21 5.3 Medium
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default to saving the document unencrypted on subsequent saves. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3.
CVE-2020-12273 1 Testlink 1 Testlink 2024-11-21 7.5 High
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.
CVE-2020-12032 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 9.1 Critical
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
CVE-2020-10273 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more 20 Mir100, Mir1000, Mir1000 Firmware and 17 more 2024-11-21 7.5 High
MiR controllers across firmware versions 2.8.1.1 and before do not encrypt or protect in any way the intellectual property artifacts installed in the robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property and data.
CVE-2020-10267 1 Universal-robots 4 Ur10, Ur3, Ur5 and 1 more 2024-11-21 7.5 High
Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). These files (*.urcaps) are stored under '/root/.urcaps' as plain zip files containing all the logic to add functionality to the UR3, UR5 and UR10 robots. This flaw allows attackers with access to the robot or the robot network (while in combination with other flaws) to retrieve and easily exfiltrate all installed intellectual property.
CVE-2020-10124 1 Ncr 2 Aptra Xfs, Selfserv Atm 2024-11-21 7.1 High
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.
CVE-2020-10039 1 Siemens 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more 2024-11-21 8.1 High
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.
CVE-2019-9862 1 Abus 6 Secvest Wireless Alarm System Fuaa50000, Secvest Wireless Alarm System Fuaa50000 Firmware, Secvest Wireless Remote Control Fube50014 and 3 more 2024-11-21 N/A
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop on sensitive data in cleartext (for instance, the current rolling code state).
CVE-2019-9681 1 Dahuasecurity 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more 2024-11-21 5.3 Medium
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X, for versions whose build time is before August 18, 2019.
CVE-2019-7311 1 Linksys 2 Wrt1900acs, Wrt1900acs Firmware 2024-11-21 N/A
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A lack of encryption in how the user login cookie (admin-auth) is stored on a victim's computer results in the admin password being discoverable by a local attacker, and usable to gain administrative access to the victim's router. The admin password is stored in base64 cleartext in an "admin-auth" cookie. An attacker sniffing the network at the time of login could acquire the router's admin password. Alternatively, gaining physical access to the victim's computer soon after an administrative login could result in compromise.
CVE-2019-6526 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-11-21 9.8 Critical
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.
CVE-2019-6518 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-11-21 7.5 High
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2019-6169 1 Lenovo 8 Ideacentre, Ideapad, Service Bridge and 5 more 2024-11-21 7.5 High
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
CVE-2019-5448 1 Yarnpkg 1 Yarn 2024-11-21 8.1 High
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.
CVE-2019-4704 1 Ibm 1 Security Identity Manager Virtual Appliance 2024-11-21 4.3 Medium
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.
CVE-2019-4686 1 Ibm 2 Guardium Data Encryption, Guardium For Cloud Key Management 2024-11-21 5.3 Medium
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 171822.
CVE-2019-4616 2 Ibm, Linux 2 Cloud Automation Manager, Linux Kernel 2024-11-21 3.5 Low
IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 168644.
CVE-2019-4471 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2024-11-21 6.5 Medium
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
CVE-2019-4214 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 3.7 Low
IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 159185.