Total: 674 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51741 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-08-02 | 7.5 High |
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web interface (Password Reset Page) of the vulnerable targeted system. | ||||
CVE-2023-51390 | 1 Aiven | 1 Journalpump | 2024-08-02 | 6.5 Medium |
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0. | ||||
CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2024-08-02 | 7.5 High |
An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via a crafted POST request to /cgi-bin/luci. | ||||
CVE-2023-50703 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-08-02 | 6.3 Medium |
An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. | ||||
CVE-2023-47745 | | | 2024-08-02 | 6.2 Medium |
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, and 2.2.0 through 2.2.2 stores or transmits user credentials in plaintext, which can be read by a local user using a trace command. IBM X-Force ID: 272638. | ||||
CVE-2023-46447 | 1 Popsdiabetes | 1 Rebel | 2024-08-02 | 4.3 Medium |
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | ||||
CVE-2023-43503 | 1 Siemens | 1 Comos | 2024-08-02 | 3.5 Low |
A vulnerability has been identified in COMOS (All versions < V10.4.4). The caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP. | ||||
CVE-2023-42579 | 2 Google, Samsung | 2 Android, Samsung Keyboard | 2024-08-02 | 6.5 Medium |
Use of an insecure protocol (HTTP) in the SogouSDK of the Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data via a man-in-the-middle attack. | ||||
CVE-2023-42144 | 1 Shelly | 2 Trv, Trv Firmware | 2024-08-02 | 5.5 Medium |
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | ||||
CVE-2023-40729 | 1 Siemens | 1 Qms Automotive | 2024-08-02 | 7.3 High |
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks a security control to enforce HTTPS and prevent unencrypted communication. An attacker who managed to gain a machine-in-the-middle position could manipulate or steal confidential information. | ||||
CVE-2023-40544 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-08-02 | 5.7 Medium |
An attacker with access to the network where the affected devices are located could use a sniffer to obtain sensitive information exchanged via TCP communications. | ||||
CVE-2023-39172 | 1 Enbw | 2 Senec Storage Box, Senec Storage Box Firmware | 2024-08-02 | 9.1 Critical |
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. | ||||
CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-08-02 | 6.5 Medium |
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | ||||
CVE-2023-33960 | 1 Openproject | 1 Openproject | 2024-08-02 | 7.5 High |
OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to version 12.5.6, even if the entire instance is marked as `Login required` and prevents all truly anonymous access, the `/robots.txt` route remains publicly available. Version 12.5.6 has a fix for this issue. Alternatively, users can download a patchfile to apply the patch to any OpenProject version greater than 10.0. As a workaround, one may mark any public project as non-public and give anyone in need of access to the project a membership. | ||||
CVE-2023-33730 | 1 Escanav | 1 Escan Management Console | 2024-08-02 | 9.8 Critical |
Privilege escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve the password of any admin or normal user in plaintext. | ||||
CVE-2023-33187 | 1 Highlight | 1 Highlight | 2024-08-02 | 5.4 Medium |
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to `type="text"` via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` CSS-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0. This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated. | ||||
CVE-2023-32784 | 1 Keepass | 1 Keepass | 2024-08-02 | 7.5 High |
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation. | ||||
CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2024-08-02 | 7.5 High |
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. | ||||
CVE-2023-31410 | 1 Sick | 1 Sick Eventcam App | 2024-08-02 | 9.8 Critical |
A remote unprivileged attacker can intercept the communication, e.g. from a man-in-the-middle position, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted. | ||||
CVE-2023-31300 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-08-02 | 7.5 High |
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials by the Password Reset feature. | ||||
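Most entries above (CVE-2023-51741, CVE-2023-47745, CVE-2023-31300 and the other cleartext-transmission items) share one attack: an on-path eavesdropper reads credentials straight out of unencrypted HTTP. The following is an added example written for this page, not code from any vendor or advisory listed here. It reassembles three constructed HTTP requests, as a capture of plain-HTTP traffic would yield them, and extracts credentials from a Basic auth header, a URL-encoded password-reset form and the query string; the field-name list and the `192.0.2.1` host are assumptions for illustration. The same logic serves a defender doing a passive audit of a network segment for credentials sent without TLS.

```javascript
// Added example (not from any advisory on this page): what an on-path
// eavesdropper, or a defender's passive audit, can pull out of cleartext HTTP.
// The requests in SAMPLE_CAPTURE are constructed, not taken from a real device.

// Assumed list of form/query parameter names worth flagging.
const CREDENTIAL_FIELDS = new Set([
  "username", "user", "login", "email",
  "password", "passwd", "pwd", "pass", "new_password", "confirm_password",
]);

// Minimal HTTP/1.1 request parser: request line, headers, optional body.
function parseRequest(raw) {
  const [head, body = ""] = raw.split("\r\n\r\n");
  const lines = head.split("\r\n");
  const [method, target] = lines[0].split(" ");
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, headers, body };
}

// Pick credential-looking parameters out of a query string or form body.
function credentialsFromParams(params, source) {
  const found = [];
  for (const [name, value] of params) {
    if (CREDENTIAL_FIELDS.has(name.toLowerCase())) found.push({ source, field: name, value });
  }
  return found;
}

// Returns every credential-bearing item found in one cleartext request.
function extractCredentials(raw) {
  const req = parseRequest(raw);
  const found = [];

  // HTTP Basic auth is only base64, so the eavesdropper decodes it directly.
  const auth = req.headers["authorization"] || "";
  if (/^basic\s+/i.test(auth)) {
    const decoded = Buffer.from(auth.replace(/^basic\s+/i, ""), "base64").toString("utf8");
    const sep = decoded.indexOf(":");
    found.push({ source: "basic-auth", field: decoded.slice(0, sep), value: decoded.slice(sep + 1) });
  }

  // Credentials passed in the query string.
  const q = req.target.indexOf("?");
  if (q >= 0) found.push(...credentialsFromParams(new URLSearchParams(req.target.slice(q + 1)), "query"));

  // Credentials posted as a URL-encoded form (e.g. a password-reset page).
  const contentType = req.headers["content-type"] || "";
  if (contentType.startsWith("application/x-www-form-urlencoded") && req.body) {
    found.push(...credentialsFromParams(new URLSearchParams(req.body), "form"));
  }
  return found;
}

// Run the extractor over a whole capture; each finding is tagged with the
// index of the request it came from.
function auditCapture(requests) {
  return requests.flatMap((raw, index) =>
    extractCredentials(raw).map((f) => ({ request: index, ...f })));
}

// Constructed sample capture of three plain-HTTP requests.
const SAMPLE_CAPTURE = [
  // admin UI protected only by HTTP Basic auth ("admin:admin")
  "GET /admin/ HTTP/1.1\r\nHost: 192.0.2.1\r\nAuthorization: Basic YWRtaW46YWRtaW4=\r\n\r\n",
  // password-reset form posted without TLS
  "POST /password_reset HTTP/1.1\r\nHost: 192.0.2.1\r\n" +
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 64\r\n\r\n" +
    "username=alice&new_password=S3cret%21&confirm_password=S3cret%21",
  // unauthenticated status page: nothing to flag
  "GET /status?format=json HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
];

console.log(auditCapture(SAMPLE_CAPTURE));
```

The fix on the server side is the one the advisories call for: serve the login and password-reset paths only over TLS and refuse (rather than redirect after the fact) credential-bearing requests that arrive on the cleartext listener, since the redirect happens only after the secret has already crossed the wire.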
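The CVE-2023-33187 entry (Highlight) describes both the bug and the fix precisely: masking that keys off an input's current `type` loses the password as soon as a "Show Password" button flips it to `type="text"`, and the patch instead tracks whether an input was ever `type="password"`. The following is an added example written for this page, not Highlight's own code. It models DOM inputs as plain objects so it runs in Node without a browser, and replays a constructed login-form timeline through the vulnerable policy and the fixed one; the function names, the `everPassword` set and the snapshot sequence are assumptions for illustration (`highlight-mask` is the class name from the advisory).

```javascript
// Added example (not code from the Highlight project): a minimal model of the
// session-recorder masking decision behind CVE-2023-33187. Inputs are plain
// {id, type, value, className} objects; the SNAPSHOTS timeline is constructed.

const MASK_CHAR = "*";

function hasMaskClass(input) {
  return (input.className || "").split(/\s+/).includes("highlight-mask");
}

// Vulnerable policy (the pre-6.0.0 behaviour the advisory describes):
// obfuscation is decided from the input's *current* type only.
function maskByCurrentType(input, _state) {
  const hide = input.type === "password" || hasMaskClass(input);
  return hide ? MASK_CHAR.repeat(input.value.length) : input.value;
}

// Fixed policy: remember every input that has ever been type="password", so a
// "Show Password" toggle that flips it to type="text" stays obfuscated.
// state.everPassword stands in for the patch's tracking of changes to the
// `type` attribute (a MutationObserver on `type` in a real recorder).
function maskByPasswordHistory(input, state) {
  if (input.type === "password") state.everPassword.add(input.id);
  const hide = state.everPassword.has(input.id) || hasMaskClass(input);
  return hide ? MASK_CHAR.repeat(input.value.length) : input.value;
}

// Replay a sequence of DOM snapshots through a masking policy and return what
// the recorder would ship to the backend for each one.
function record(snapshots, policy) {
  const state = { everPassword: new Set() };
  return snapshots.map((input) => ({ id: input.id, recorded: policy(input, state) }));
}

// Constructed timeline: the user types a password, clicks "Show Password"
// (type flips to "text"), the username is captured, and a field the customer
// explicitly tagged with highlight-mask is captured.
const SNAPSHOTS = [
  { id: "password", type: "password", value: "hunter2", className: "" },
  { id: "password", type: "text", value: "hunter2", className: "" },
  { id: "username", type: "text", value: "alice", className: "" },
  { id: "totp", type: "text", value: "123456", className: "highlight-mask" },
];

function recordedValues(policy) {
  return record(SNAPSHOTS, policy).map((r) => r.recorded);
}

console.log("vulnerable:", recordedValues(maskByCurrentType));
console.log("fixed:     ", recordedValues(maskByPasswordHistory));
```

The second snapshot is the whole bug: with `maskByCurrentType` the recorder ships `hunter2` in the clear, while `maskByPasswordHistory` keeps it masked because the same element id was seen as `type="password"` earlier. Ordinary text inputs such as the username are still recorded, and the `highlight-mask` opt-out keeps working under both policies.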