Total
266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47128 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | |||||
| CVE-2024-43814 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro ATAK Plugin's default settings are to share Automatic Position, Location, and Information (PLI) updates every 60 seconds once the plugin is active and goTenna is connected. Users that are unaware of their settings and have not activated encryption before a mission may accidentally broadcast their location unencrypted. It is advised to verify PLI settings are the desired rate and activate encryption prior to mission. Update to the latest Plugin to disable this default setting. | |||||
| CVE-2024-41931 | 1 Gotenna | 1 Gotenna | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations. | |||||
| CVE-2024-6747 | 1 Checkmk | 1 Checkmk | 2024-10-15 | N/A | 7.5 HIGH |
| Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | |||||
| CVE-2024-8890 | 1 Circutor | 2 Q-smt, Q-smt Firmware | 2024-10-01 | N/A | 8.8 HIGH |
| An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established. | |||||
| CVE-2024-31200 | 1 Proges | 2 Sensor Net Connect Firmware V2, Sensor Net Connect V2 | 2024-08-12 | N/A | 4.6 MEDIUM |
| A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser. | |||||