Total: 446 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3355 | 2 Gnome, Linux | 2 Evolution-data-server3, Linux Kernel | 2019-12-14 | 4.3 MEDIUM | 7.3 HIGH |
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. | |||||
CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2019-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | |||||
CVE-2016-10597 | 1 Cobalt-cli Project | 1 Cobalt-cli | 2019-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2010-3292 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 2.1 LOW | 5.5 MEDIUM |
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via DNS/packet spoofing. | |||||
CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
CVE-2016-10595 | 1 Jdf-sass Project | 1 Jdf-sass | 2019-11-13 | 9.3 HIGH | 8.1 HIGH |
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10688 | 1 Haxe | 1 Haxe | 2019-11-12 | 9.3 HIGH | 8.1 HIGH |
Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2019-13419 | 1 Search-guard | 1 Search Guard | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
Search Guard versions before 23.1 had an issue in which clear text values of anonymised fields were leaked for aggregations. | |||||
CVE-2018-8864 | 1 Atisystem | 8 Alert4000, Alert4000 Firmware, Hpss16 and 5 more | 2019-10-09 | 2.9 LOW | 3.1 LOW |
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | |||||
CVE-2018-8849 | 1 Medtronic | 4 N'vision 8840, N'vision 8840 Firmware, N'vision 8870 and 1 more | 2019-10-09 | 2.1 LOW | 4.6 MEDIUM |
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions, do not encrypt PII and PHI while at rest. | |||||
CVE-2018-7498 | 1 Philips | 2 Alice 6, Alice 6 Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. | |||||
CVE-2018-4855 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. | |||||
CVE-2018-3826 | 1 Elastic | 1 Elasticsearch | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _snapshot API. | |||||
CVE-2018-1938 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. | |||||
CVE-2018-1937 | 1 Ibm | 1 Cloud Private | 2019-10-09 | 2.1 LOW | 4.4 MEDIUM |
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. | |||||
CVE-2018-1683 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455. | |||||
CVE-2018-17915 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2019-10-09 | 6.4 MEDIUM | 9.8 CRITICAL |
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code. | |||||
CVE-2018-10612 | 1 Codesys | 12 Control For Beaglebone Sl, Control For Empc-a/imx6 Sl, Control For Iot2000 Sl and 9 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. | |||||
CVE-2017-9632 | 1 Pdqinc | 22 Laserjet, Laserjet Firmware, Laserwash 360 and 19 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely. | |||||
CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. |