Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28896 | 1 Preh | 2 Mib3, Mib3 Firmware | 2024-08-02 | 3.3 Low |
| Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | ||||
| CVE-2023-22271 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-08-02 | 5.3 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. | ||||
| CVE-2023-7237 | 1 Lantronix | 2 Xport Edge, Xport Edge Firmware | 2024-08-02 | 5.7 Medium |
| Lantronix XPort sends weakly encoded credentials within web request headers. | ||||
| CVE-2023-0356 | 1 Socomec | 2 Modulys Gp, Net Vision | 2024-08-02 | 5.7 Medium |
| SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information. | ||||
| CVE-2024-28270 | 1 Enilu | 1 Web-flash | 2024-08-02 | 8.1 High |
| An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. | ||||
| CVE-2024-23492 | 2024-08-01 | 5.7 Medium | ||
| A weak encoding is used to transmit credentials for WS203VICM. | ||||
| CVE-2024-5434 | 1 Campbellsci | 2 Csi Web Server, Rtmc | 2024-08-01 | N/A |
| The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to gain access to the file, passwords could be decoded and reused to gain access. | ||||