Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5869 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. | |||||
| CVE-2020-10635 | 1 Kuka | 1 Sim Pro | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext. | |||||
| CVE-2019-20844 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | |||||
| CVE-2018-7295 | 1 Square-enix | 1 Final Fantasy Xiv | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. This is fixed in Patch 4.3. | |||||
| CVE-2018-14526 | 3 Canonical, Debian, W1.fi | 3 Ubuntu Linux, Debian Linux, Wpa Supplicant | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. | |||||
| CVE-2015-2968 | 1 Line | 1 Line\@ | 2024-11-21 | N/A | 5.9 MEDIUM |
| LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | |||||
| CVE-2015-0897 | 1 Line | 1 Line | 2024-11-21 | N/A | 5.9 MEDIUM |
| LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | |||||
| CVE-2024-43450 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2024-11-19 | N/A | 7.5 HIGH |
| Windows DNS Spoofing Vulnerability | |||||