201 matches found
CVE-2023-52950
CVE-2023-52950 affects Synology Active Backup for Business Agent’s login component. The root cause is missing encryption of sensitive data, enabling adjacent (local) attackers to perform MITM-style credential exposure via unspecified vectors. Impact is confined to confidentiality loss of user cre...
PT-2024-14786 · Synology · Synology Active Backup For Business Agent
Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.7.0-3221 Description: A missing encryption issue exists in the settings functionality of Synology Active Backup for Business Agent, allowing local users to obtain user credentials...
Security Advisory 0104
Security Advisory 0104 . CSAF PDF Date: September 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | September 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2024-7142 CVSSv3.1 Base Score: 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Common Weakness Enumeration: CWE-311:...
CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data
Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...
Hughes Network Systems WL3000 Fusion Software
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : Hughes Network Systems Equipment : WL3000 Fusion Software Vulnerabilities : Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
CVE-2024-7396
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2...
CVE-2024-7396 Plaintext Communication
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2...
CVE-2024-38302
Dell Data Lakehouse, versions 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE Starburst. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2024-38302
Dell Data Lakehouse, versions 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE Starburst. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
WordPress AppPresser plugin <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability
Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin AppPresser versions = 4.3.2...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...
WordPress Frontend Admin by DynamiApps plugin <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation vulnerability
Improper Missing Encryption Exception Handling to Form Manipulation vulnerability discovered by István Márton in WordPress Plugin Frontend Admin by DynamiApps versions = 3.19.4...
CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027 IBM Security Verify Access Container information disclosure
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027 IBM Security Verify Access Container information disclosure
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
Dell BSAFE Micro Edition Suite Trust Management Issues Vulnerability
The Dell BSAFE Micro Edition Suite is a development toolkit from Dell Inc. that provides cryptographic, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.5.2 and Dell BSAFE...
The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data, allowing attackers to disclose protected information.
The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...