Total: 536 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1525 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117. | |||||
CVE-2018-19111 | 1 Google | 1 Cardboard | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. | |||||
CVE-2019-4063 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-Force ID: 157008. | |||||
CVE-2018-8842 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. | |||||
CVE-2018-6017 | 1 Tinder | 1 Tinder | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic. | |||||
CVE-2018-11402 | 1 Simplisafe | 2 U9k-kp1000, U9k-kp1000 Firmware | 2023-12-10 | 1.9 LOW | 6.6 MEDIUM |
SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. | |||||
CVE-2017-16040 | 1 Gfe-sass Project | 1 Gfe-sass | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2018-0281 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. | |||||
CVE-2018-1600 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. | |||||
CVE-2018-11399 | 1 Simplisafe | 8 U9k-es1000, U9k-es1000 Firmware, U9k-kr1 and 5 more | 2023-12-10 | 1.9 LOW | 4.3 MEDIUM |
SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur. | |||||
CVE-2017-16035 | 1 Hubspot | 1 Hubl-server | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation. | |||||
CVE-2017-8154 | 1 Huawei | 2 Honor 8 Lite, Honor 8 Lite Firmware | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
The Themes App on Honor 8 Lite Huawei mobile phones with software versions before Prague-L31C576B172, versions before Prague-L31C530B160, and versions before Prague-L31C432B180 has a man-in-the-middle (MITM) vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may exploit this vulnerability to tamper with downloaded themes. | |||||
CVE-2018-6019 | 1 Samsung | 1 Display Solutions | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. | |||||
CVE-2018-1297 | 1 Apache | 1 Jmeter | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code. | |||||
CVE-2018-7259 | 1 Flightsimlabs | 1 A320-x | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the network for cleartext HTTP traffic. This behavior was removed in 2.0.1.232. | |||||
CVE-2018-6018 | 1 Tinder | 1 Tinder | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic. | |||||
CVE-2017-16041 | 1 Ikst Project | 1 Ikst | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | |||||
CVE-2017-12310 | 1 Cisco | 1 Spark Hybrid Calendar Service | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593. | |||||
CVE-2018-4227 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. |