Lucene search
K

201 matches found

CVE
CVE
added 2024/09/26 3:40 a.m.55 views

CVE-2023-52950

CVE-2023-52950 affects Synology Active Backup for Business Agent’s login component. The root cause is missing encryption of sensitive data, enabling adjacent (local) attackers to perform MITM-style credential exposure via unspecified vectors. Impact is confined to confidentiality loss of user cre...

5.3CVSS5.1AI score0.0008EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.13 views

PT-2024-14786 · Synology · Synology Active Backup For Business Agent

Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.7.0-3221 Description: A missing encryption issue exists in the settings functionality of Synology Active Backup for Business Agent, allowing local users to obtain user credentials...

5CVSS6.7AI score0.00085EPSS
Exploits0References5
Arista
Arista
added 2024/09/24 12:0 a.m.38 views

Security Advisory 0104

Security Advisory 0104 . CSAF PDF Date: September 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | September 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-7142 CVSSv3.1 Base Score: 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Common Weakness Enumeration: CWE-311:...

4.6CVSS5.6AI score0.00095EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/09/05 10:41 p.m.16 views

CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data

Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...

7.1CVSS6.8AI score0.00299EPSS
Exploits0References1
ICS
ICS
added 2024/09/05 6:0 a.m.20 views

Hughes Network Systems WL3000 Fusion Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : Hughes Network Systems Equipment : WL3000 Fusion Software Vulnerabilities : Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS5.6AI score0.00299EPSS
Exploits0References10
ICS
ICS
added 2024/08/13 6:0 a.m.12 views

Rockwell Automation Pavilion8

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

7.5CVSS6.3AI score0.00186EPSS
Exploits0References10
NVD
NVD
added 2024/08/05 2:15 p.m.17 views

CVE-2024-7396

Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2...

7.1CVSS0.00295EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/05 1:20 p.m.19 views

CVE-2024-7396 Plaintext Communication

Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2...

7.1CVSS0.00295EPSS
Exploits1References1
OSV
OSV
added 2024/07/18 4:15 p.m.6 views

CVE-2024-38302

Dell Data Lakehouse, versions 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE Starburst. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure...

5.7CVSS5.8AI score0.00096EPSS
Exploits0References1
NVD
NVD
added 2024/07/18 4:15 p.m.31 views

CVE-2024-38302

Dell Data Lakehouse, versions 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE Starburst. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure...

6.8CVSS0.00096EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/29 4:30 a.m.22 views

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...

8.1CVSS6.9AI score0.00501EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/05/29 3:19 a.m.8 views

WordPress AppPresser plugin <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability

Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin AppPresser versions = 4.3.2...

8.1CVSS7AI score0.00501EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/05/29 12:0 a.m.24 views

(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...

7.5CVSS7.5AI score0.00492EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/22 2:0 a.m.6 views

WordPress Frontend Admin by DynamiApps plugin <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation vulnerability

Improper Missing Encryption Exception Handling to Form Manipulation vulnerability discovered by István Márton in WordPress Plugin Frontend Admin by DynamiApps versions = 3.19.4...

9.8CVSS7AI score0.00815EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/03/31 12:15 p.m.23 views

CVE-2024-25027

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...

6.2CVSS6AI score0.00107EPSS
Exploits1References3
OSV
OSV
added 2024/03/31 12:15 p.m.4 views

CVE-2024-25027

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...

5.5CVSS5.7AI score0.00107EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/03/31 11:40 a.m.21 views

CVE-2024-25027 IBM Security Verify Access Container information disclosure

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...

6.2CVSS6AI score0.00107EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/31 11:40 a.m.28 views

CVE-2024-25027 IBM Security Verify Access Container information disclosure

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...

6.2CVSS6AI score0.00107EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/02 12:0 a.m.3 views

Dell BSAFE Micro Edition Suite Trust Management Issues Vulnerability

The Dell BSAFE Micro Edition Suite is a development toolkit from Dell Inc. that provides cryptographic, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.5.2 and Dell BSAFE...

9.8CVSS9.2AI score0.00489EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/01/23 12:0 a.m.7 views

The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data, allowing attackers to disclose protected information.

The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

7.8CVSS7.1AI score0.00264EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder