Total
282 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37192 | 1 Bitcoin | 1 Bitcoin Core | 2023-12-10 | N/A | 7.5 HIGH |
Memory management and protection issues in Bitcoin Core v22 allow attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing. | |||||
CVE-2023-32290 | 1 Vk.company | 1 Mymail | 2023-12-10 | N/A | 7.5 HIGH |
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | |||||
CVE-2023-28045 | 1 Dell | 1 Cloudiq Collector | 2023-12-10 | N/A | 7.1 HIGH |
Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability to gain access to unauthorized data. | |||||
CVE-2023-33849 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2023-12-10 | N/A | 3.7 LOW |
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 could transmit sensitive information in query parameters that could be intercepted using man in the middle techniques. IBM X-Force ID: 257105. | |||||
CVE-2023-30602 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. | |||||
CVE-2023-21404 | 1 Axis | 1 Axis Os | 2023-12-10 | N/A | 5.3 MEDIUM |
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data. | |||||
CVE-2023-32982 | 1 Jenkins | 1 Ansible | 2023-12-10 | N/A | 4.3 MEDIUM |
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2022-38458 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2023-12-10 | N/A | 5.9 MEDIUM |
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. | |||||
CVE-2023-28999 | 1 Nextcloud | 2 Desktop, Nextcloud | 2023-12-10 | N/A | 6.4 MEDIUM |
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. | |||||
CVE-2023-0750 | 1 Lynx-technik | 2 Yellobrik Pec 1864, Yellobrik Pec 1864 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Yellobrik PEC-1864 implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the network, an attacker could bypass authentication. This would allow an attacker to: change the password, resulting in a DoS of the users; change the streaming source, compromising the integrity of the stream; change the streaming destination, compromising the confidentiality of the stream. This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued. | |||||
CVE-2022-4409 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | N/A | 7.5 HIGH |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | |||||
CVE-2022-4683 | 1 Usememos | 1 Memos | 2023-12-10 | N/A | 6.5 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2023-0690 | 1 Hashicorp | 1 Boundary | 2023-12-10 | N/A | 7.1 HIGH |
HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where, when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. | |||||
CVE-2022-47715 | 1 Lastyard | 1 Last Yard | 2023-12-10 | N/A | 5.3 MEDIUM |
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic. | |||||
CVE-2021-4239 | 1 Noiseprotocol | 1 Noise | 2023-12-10 | N/A | 7.5 HIGH |
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages. | |||||
CVE-2022-38658 | 2 Hcltech, Microsoft | 2 Bigfix Server Automation, Windows | 2023-12-10 | N/A | 7.5 HIGH |
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed. | |||||
CVE-2022-21940 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2023-12-10 | N/A | 6.1 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | |||||
CVE-2022-34307 | 1 Ibm | 1 Cics Tx | 2023-12-10 | N/A | 4.3 MEDIUM |
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | |||||
CVE-2022-3251 | 1 Ikus-soft | 1 Minarca | 2023-12-10 | N/A | 5.3 MEDIUM |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. | |||||
CVE-2022-39014 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-12-10 | N/A | 5.3 MEDIUM |
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. |