Total
802 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25070 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | N/A | 6.5 MEDIUM |
| Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product. | |||||
| CVE-2023-30354 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL |
| Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | |||||
| CVE-2023-32784 | 1 Keepass | 1 Keepass | 2025-01-23 | N/A | 7.5 HIGH |
| In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation. | |||||
| CVE-2024-0860 | 1 Softing | 2 Edgeaggregator, Edgeconnector | 2025-01-23 | N/A | 8.0 HIGH |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | |||||
| CVE-2024-28134 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 7.0 HIGH |
| An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. | |||||
| CVE-2024-26288 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-23 | N/A | 8.7 HIGH |
| An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected. | |||||
| CVE-2024-46505 | 2025-01-23 | N/A | 9.1 CRITICAL | ||
| Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | |||||
| CVE-2023-39245 | 1 Dell | 1 Enterprise Storage Integrator For Sap Landscape Management | 2025-01-23 | N/A | 9.8 CRITICAL |
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | |||||
| CVE-2023-27927 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 6.5 MEDIUM |
| An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials. | |||||
| CVE-2024-45102 | 2025-01-14 | N/A | 6.8 MEDIUM | ||
| A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | |||||
| CVE-2021-26564 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 5.8 MEDIUM | 8.3 HIGH |
| Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | |||||
| CVE-2021-26560 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 5.8 MEDIUM | 9.0 CRITICAL |
| Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | |||||
| CVE-2021-26565 | 1 Synology | 7 Diskstation Manager, Diskstation Manager Unified Controller, Skynas and 4 more | 2025-01-14 | 4.3 MEDIUM | 8.3 HIGH |
| Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | |||||
| CVE-2020-27656 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | |||||
| CVE-2023-28348 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | N/A | 7.4 HIGH |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students. | |||||
| CVE-2024-49819 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-10 | N/A | 4.1 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | |||||
| CVE-2024-49820 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-10 | N/A | 3.7 LOW |
| IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | |||||
| CVE-2023-33730 | 1 Escanav | 1 Escan Management Console | 2025-01-10 | N/A | 9.8 CRITICAL |
| Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. | |||||
| CVE-2024-28250 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and Wireguard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Not that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. | |||||
| CVE-2024-28249 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. | |||||