Total
674 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12813 | 1 Crossmatch | 2 Digital Persona U.are.u 4500, Digital Persona U.are.u 4500 Firmware | 2024-08-04 | N/A |
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image are exposed in cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt. | ||||
CVE-2019-12781 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-08-04 | N/A |
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. | ||||
CVE-2019-12505 | 1 Inateck | 2 Wp1001, Wp1001 Firmware | 2024-08-04 | N/A |
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
CVE-2019-12504 | 1 Inateck | 2 Wp2002, Wp2002 Firmware | 2024-08-04 | N/A |
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
CVE-2019-12503 | 1 Inateck | 2 Bcst-60, Bcst-60 Firmware | 2024-08-04 | 9.8 Critical |
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
CVE-2019-12506 | 1 Logitech | 2 R700 Laser Presentation Remote, R700 Laser Presentation Remote Firmware | 2024-08-04 | N/A |
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. | ||||
CVE-2019-12388 | 1 Anviz | 1 Anviz Firmware | 2024-08-04 | 7.5 High |
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to a query on port tcp/5010. | ||||
CVE-2019-12399 | 3 Apache, Oracle, Redhat | 14 Kafka, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 11 more | 2024-08-04 | 7.5 High |
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | ||||
CVE-2019-12122 | 1 Onap | 1 Open Network Automation Platform | 2024-08-04 | 6.5 Medium |
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected. | ||||
CVE-2019-11739 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-08-04 | 6.5 Medium |
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. | ||||
CVE-2019-11220 | 1 Ilnkp2p Project | 1 Ilnkp2p | 2024-08-04 | N/A |
An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | ||||
CVE-2019-10926 | 1 Siemens | 4 Simatic Mv420, Simatic Mv420 Firmware, Simatic Mv440 and 1 more | 2024-08-04 | N/A |
A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position. The security vulnerability can be exploited by an attacker in a privileged network position which allows eavesdropping the communication between the affected device and the user. The user must invoke a session. Successful exploitation of the vulnerability compromises confidentiality of the data transmitted. | ||||
CVE-2019-10740 | 3 Fedoraproject, Opensuse, Roundcube | 4 Fedora, Backports Sle, Leap and 1 more | 2024-08-04 | 4.3 Medium |
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | ||||
CVE-2019-10735 | 1 Claws-mail | 1 Mail | 2024-08-04 | N/A |
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | ||||
CVE-2019-10732 | 2 Debian, Kde | 2 Debian Linux, Kmail | 2024-08-04 | 4.3 Medium |
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | ||||
CVE-2019-10734 | 1 Trojita Project | 1 Trojita | 2024-08-04 | N/A |
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | ||||
CVE-2019-10435 | 1 Jenkins | 1 Sourcegear Vault | 2024-08-04 | 7.5 High |
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
CVE-2019-10427 | 1 Jenkins | 1 Aqua Microscanner | 2024-08-04 | 5.3 Medium |
Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2019-10434 | 1 Jenkins | 1 Ldap Email | 2024-08-04 | 7.5 High |
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2024-08-04 | 7.5 High |
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |