Total
446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22401 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-09-12 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. | |||||
| CVE-2022-22405 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2023-09-12 | N/A | 5.9 MEDIUM |
| IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. | |||||
| CVE-2023-33833 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2023-09-01 | N/A | 3.3 LOW |
| IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013. | |||||
| CVE-2023-4420 | 1 Sick | 6 Lms500, Lms500 Firmware, Lms511 and 3 more | 2023-08-30 | N/A | 7.4 HIGH |
| A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted. | |||||
| CVE-2023-40251 | 1 Genians | 2 Genian Nac, Genian Ztna | 2023-08-29 | N/A | 5.9 MEDIUM |
| Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | |||||
| CVE-2023-39841 | 1 Etekcity | 2 3-in-1 Smart Door Lock, 3-in-1 Smart Door Lock Firmware | 2023-08-22 | N/A | 4.6 MEDIUM |
| Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2023-39842 | 1 Mydigoo | 2 Dg-hamb Smart Home Security System, Dg-hamb Smart Home Security System Firmware | 2023-08-22 | N/A | 2.4 LOW |
| Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2023-39843 | 1 Sulimet | 2 5-in-1 Smart Door Lock, 5-in-1 Smart Door Lock Firmware | 2023-08-22 | N/A | 2.4 LOW |
| Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. | |||||
| CVE-2019-10103 | 1 Jetbrains | 1 Kotlin | 2023-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101. | |||||
| CVE-2023-39954 | 1 Nextcloud | 1 User Oidc | 2023-08-16 | N/A | 8.1 HIGH |
| user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. | |||||
| CVE-2023-38699 | 1 Mindsdb | 1 Mindsdb | 2023-08-10 | N/A | 6.5 MEDIUM |
| MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | |||||
| CVE-2023-38688 | 1 Xithrius | 1 Twitch-tui | 2023-08-09 | N/A | 7.5 HIGH |
| twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. | |||||
| CVE-2022-26281 | 1 Bigantsoft | 1 Bigant Server | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. | |||||
| CVE-2022-34307 | 1 Ibm | 1 Cics Tx | 2023-08-08 | N/A | 4.3 MEDIUM |
| IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | |||||
| CVE-2022-26157 | 1 Cherwell | 1 Cherwell Service Management | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels. | |||||
| CVE-2021-40642 | 1 Textpattern | 1 Textpattern | 2023-08-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. | |||||
| CVE-2023-31825 | 1 Inageya | 1 Inageya | 2023-07-25 | N/A | 7.5 HIGH |
| An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function. | |||||
| CVE-2023-31822 | 1 Entetsu | 1 Entetsu Store | 2023-07-25 | N/A | 7.5 HIGH |
| An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function. | |||||
| CVE-2023-31820 | 1 Shizutetsu | 1 Shizutetsu Store | 2023-07-25 | N/A | 7.5 HIGH |
| An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | |||||
| CVE-2023-31819 | 1 Livre | 1 Keisei Store | 2023-07-25 | N/A | 7.5 HIGH |
| An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | |||||