Total
616 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26288 | 2024-06-28 | 8.7 High | ||
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected. | ||||
CVE-2024-37183 | 2024-06-21 | 5.7 Medium | ||
Plain text credentials and session ID can be captured with a network sniffer. | ||||
CVE-2024-5996 | 2024-06-18 | 8.8 High | ||
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system. | ||||
CVE-2024-27163 | 2024-06-17 | 6.5 Medium | ||
Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the printer. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
CVE-2024-27166 | 2024-06-17 | 7.4 High | ||
Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | ||||
CVE-2024-37393 | 1 Securenvoy | 1 Multi-factor Authentication Solutions | 2024-06-12 | 7.5 High |
Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. | ||||
CVE-2024-21406 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2024-06-11 | 7.5 High |
Windows Printing Service Spoofing Vulnerability | ||||
CVE-2024-0056 | 1 Microsoft | 19 .net, .net Framework, Microsoft.data.sqlclient and 16 more | 2024-06-11 | 8.7 High |
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | ||||
CVE-2024-35210 | 2024-06-11 | 6.5 Medium | ||
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information. | ||||
CVE-2024-30209 | 2024-06-11 | 9.6 Critical | ||
A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected systems transmit client-side resources without proper cryptographic protection. This could allow an attacker to eavesdrop on and modify resources in transit. A successful exploit requires an attacker to be in the network path between the RTLS Locating Manager server and a client (MitM). | ||||
CVE-2024-37163 | 2024-06-07 | 6.4 Medium | ||
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0. | ||||
CVE-2024-28134 | 2024-06-06 | 7.0 High | ||
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. | ||||
CVE-2024-0098 | 2024-06-06 | 5.5 Medium | ||
NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. A successful exploit of this vulnerability might lead to information disclosure. | ||||
CVE-2023-23130 | 1 Connectwise | 1 Automate | 2024-06-04 | 5.9 Medium |
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. | ||||
CVE-2022-38710 | 2 Ibm, Microsoft | 4 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 1 more | 2024-06-04 | 5.3 Medium |
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. | ||||
CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-06-04 | 7.5 High |
Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | ||||
CVE-2024-0220 | 2024-05-27 | 8.3 High | ||
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | ||||
CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-05-17 | 5.9 Medium |
A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3763 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-05-17 | 7.5 High |
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3761 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-05-17 | 7.5 High |
A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |