Lucene search
K

202 matches found

Cvelist
Cvelist
added 2020/12/11 12:51 a.m.26 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

7.4AI score0.005EPSS
Exploits0References2
ICS
ICS
added 2020/12/08 12:0 a.m.73 views

Schneider Electric Easergy T300

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability : Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...

9.8CVSS9AI score0.03032EPSS
Exploits0References4
NVD
NVD
added 2020/11/19 10:15 p.m.28 views

CVE-2020-7567

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...

7.1CVSS6.1AI score0.00201EPSS
Exploits0References2
Prion
Prion
added 2020/11/19 10:15 p.m.14 views

Default credentials

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...

2.9CVSS6.2AI score0.00201EPSS
Exploits0References2
0day.today
0day.today
added 2020/06/24 12:0 a.m.210 views

ABUS Secvest Wireless Control Device Missing Encryption Vulnerability

The wireless communication of the ABUS Secvest Wireless Control Device FUBE50001 for transmitting sensitive data like PIN codes or IDs of used proximity chip keys RFID tokens is not encrypted. Product: ABUS Secvest Wireless Control Device FUBE50001 Manufacturer: ABUS Affected Versions: N/A Tested...

8.1CVSS0.4AI score0.00793EPSS
Exploits2
ICS
ICS
added 2020/06/18 12:0 a.m.150 views

Baxter ExactaMix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...

10CVSS9.3AI score0.93307EPSS
Exploits47References5
OSV
OSV
added 2019/07/30 9:15 p.m.2 views

DEBIAN-CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS7.8AI score0.00668EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2019/07/30 9:15 p.m.28 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

8.1CVSS7.1AI score0.00668EPSS
Exploits1References5
CVE
CVE
added 2019/07/30 8:15 p.m.84 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

8.1CVSS7.8AI score0.00668EPSS
Exploits1References3Affected Software1
ICS
ICS
added 2019/05/02 12:0 a.m.247 views

Orpak SiteOmat

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak acquired by Gilbarco Veeder-Root Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of...

10CVSS9.9AI score0.07235EPSS
Exploits1References5
CNVD
CNVD
added 2019/03/26 12:0 a.m.3 views

Missing Sensitive Data Encryption Vulnerability in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015

ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS Germany. A security vulnerability exists in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015, which originates from the program not encrypting sensitive data. An attacker can exploit the vulnerability t...

6.5CVSS6.8AI score0.0064EPSS
Exploits1References1
ICS
ICS
added 2018/10/09 12:0 a.m.1503 views

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...

9.8CVSS7.1AI score0.01251EPSS
Exploits4References5
ICS
ICS
added 2018/03/27 12:0 a.m.38 views

Philips Alice 6 Vulnerabilities (Update B)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated...

9.8CVSS10AI score0.02732EPSS
Exploits0References5
seebug.org
seebug.org
added 2017/12/08 12:0 a.m.32 views

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...

7.1AI score
Exploits0
ICS
ICS
added 2017/10/19 12:0 a.m.42 views

ICSMA-17-292-01_Boston Scientific ZOOM LATITUDE PRM Vulnerabilities

OVERVIEW Researchers Jonathan Butts and Billy Rios of Whitescope have identified two vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor PRM – Model 3120. Boston Scientific has provided compensating controls to reduce the risk of exploitation. AFFECTED PRODUCTS The...

4.6CVSS4.8AI score0.00398EPSS
Exploits0References2
ICS
ICS
added 2017/08/29 12:0 a.m.57 views

ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities

OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ formerly St. Jude Medical pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency RF communications. A third-party security...

8.8CVSS7.9AI score0.01084EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2017/07/11 12:0 a.m.66 views

Schneider Electric Pelco VideoXpert Missing Encryption

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillanc...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/25 12:0 a.m.111 views

Lenovo ShareIT Information Disclosure / Hardcoded Password

Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:...

5.4CVSS0.3AI score0.02494EPSS
Exploits1
CERT
CERT
added 2015/11/30 12:0 a.m.95 views

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...

5.9CVSS5.2AI score0.01356EPSS
Exploits3References4
CERT
CERT
added 2015/08/20 12:0 a.m.30 views

Dedicated Micros DVR products use plaintext protocols and require no password by default

Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...

10CVSS9.8AI score0.02941EPSS
Exploits1References5
Rows per page
Query Builder