Total
624 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38458 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2023-03-28 | N/A | 5.9 MEDIUM |
| A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. | |||||
| CVE-2019-13498 | 1 Oneidentity | 1 Cloud Access Manager | 2023-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | |||||
| CVE-2022-39269 | 1 Pjsip | 1 Pjsip | 2023-02-24 | N/A | 9.1 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-45546 | 1 Screencheck | 1 Badgemaker | 2023-02-23 | N/A | 7.5 HIGH |
| Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing. | |||||
| CVE-2022-40693 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-16 | N/A | 7.5 HIGH |
| A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
| CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2023-02-14 | N/A | 7.5 HIGH |
| Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | |||||
| CVE-2019-6613 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with various profile types and is accessed using SNMPv2. | |||||
| CVE-2023-24440 | 1 Jenkins | 1 Jira Pipeline Steps | 2023-02-04 | N/A | 5.5 MEDIUM |
| Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-4162 | 1 Ibm | 1 Security Information Queue | 2023-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. | |||||
| CVE-2019-4063 | 1 Ibm | 1 Sterling B2b Integrator | 2023-02-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. | |||||
| CVE-2019-4382 | 1 Ibm | 1 Api Connect | 2023-01-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | |||||
| CVE-2020-15785 | 1 Siemens | 1 Siveillance Video Client | 2023-01-27 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid adminstrator login names and use this information to launch further attacks. | |||||
| CVE-2020-12730 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2023-01-20 | 2.9 LOW | 5.3 MEDIUM |
| MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | |||||
| CVE-2020-36423 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2023-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. | |||||
| CVE-2023-0055 | 1 Pyload | 1 Pyload | 2023-01-11 | N/A | 5.3 MEDIUM |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. | |||||
| CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-29 | N/A | 8.8 HIGH |
| When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2022-47895 | 1 Jetbrains | 1 Intellij Idea | 2022-12-29 | N/A | 7.5 HIGH |
| In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | |||||
| CVE-2020-9420 | 1 Arcadyan | 2 Vrv9506jac23, Vrv9506jac23 Firmware | 2022-12-16 | N/A | 6.5 MEDIUM |
| The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router. | |||||
| CVE-2022-40939 | 1 Secu | 2 Secustation, Secustation Firmware | 2022-12-13 | N/A | 4.9 MEDIUM |
| In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. | |||||
| CVE-2022-46685 | 1 Gitea | 1 Gitea | 2022-12-12 | N/A | 4.3 MEDIUM |
| In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log. | |||||