191 matches found
Design/Logic Flaw
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerabilities: Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing...
Baxter Sigma Spectrum Infusion Pump (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 3 --------- CVSS v3 7.5 --------- End Update A part 1 of 3 --------- ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Sigma and Baxter Spectrum Infusion Pumps Vulnerabilities: Missing Encryption of Sensitive Data, Use of Externally...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system from the American company Fortinet, dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A security vulnerability exists i...
CVE-2022-30237
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30237
The CVE-2022-30237 vulnerability concerns Schneider Electric Wiser Smart and related EER21000/EER21001 versions (V4.5 and prior) with a CWE-311 Missing Encryption of Sensitive Data issue. The root cause is lack of encryption allowing authentication credentials to be recovered if an attacker break...
Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Encryption of Sensitive Data (CVE-2020-10039)
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to...
Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability
Summary An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger...
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
Overview PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Information disclosure
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933...
PT-2022-11190 · Modem Emm · Modem Emm
Name of the Vulnerable Software and Affected Versions: Modem EMM affected versions not specified Description: The issue is related to a missing data encryption in Modem EMM, which could lead to remote information disclosure without requiring additional execution privileges. User interaction is no...
UNIVERGE DT Series vulnerable to missing encryption of sensitive data
Overview UNIVERGE IP Phone DT Series and PC tools for DT Series maintainers IP Phone Manager and Data Maintenance Tool provided by NEC Platforms, Ltd. contain a missing encryption vulnerability CWE-311. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solutions throug...
CVE-2021-36189
A missing encryption of sensitive data vulnerability in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows an attacker to cause information disclosure via inspecting browser decrypted data...
Siemens Climatix POL909 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 AWM and AWB modules --------- End Update A Part 1 of 3 --------- Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION...
CVE-2021-3774 Meross MSS550X Missing Encryption of Sensitive Data
Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...
The vulnerability of the QEMU hardware emulation software lies in the lack of a necessary encryption step, which allows attackers to gain access to confidential data.
The vulnerability of the QEMU hardware emulation software is related to an implementation error in the handling of pointer authentication. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Mobile Industrial Robots Vehicles and MiR Fleet Software
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Mobile Industrial Robots MiR Equipment: MiR100, MiR200, MiR250, MiR500, MiR1000, MiR Fleet Vulnerabilities: Improper Access Control, Integer Overflow or Wraparound, Exposur...
Siemens Industrial Products Intel CPUs (Update F)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products...