Lucene search

191 matches found

Positive Technologies
added 2021/07/28 12:0 a.m. · 3 views

PT-2021-19621 · Suse · Rke2 +1

Name of the Vulnerable Software and Affected Versions: SUSE Rancher K3s versions v1.19.12+k3s1 through v1.21.2+k3s1 and prior versions RKE2 versions v1.19.12+rke2r1 through v1.21.2+rke2r1 and prior versions Description: A Missing Encryption of Sensitive Data issue allows any user with direct acce...

CVSS 6.5 · AI score 6.3 · EPSS 0.00304
Exploits: 0 · References: 6
OSV
added 2021/07/14 3:15 p.m. · 3 views

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVSS 5.5 · AI score 6.1 · EPSS 0.00109
Exploits: 0 · References: 1
CVE
added 2021/07/14 2:26 p.m. · 63 views

CVE-2021-22782

CVE-2021-22782 is a Missing Encryption of Sensitive Data vulnerability affecting Schneider Electric products, including EcoStruxure Control Expert (Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. The issue allows information disclosure of network/process data, credent...

CVSS 5.5 · AI score 5.3 · EPSS 0.00109
Exploits: 0 · References: 1 · Affected Software: 3
CNNVD
added 2021/07/01 12:0 a.m. · 3 views

Huawei Smartphone security vulnerability

Huawei Smartphone is a smartphone from Huawei, a Chinese company. A security vulnerability exists in Huawei Smartphone that stems from a missing encryption step vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in a denial of service to Samgr...

CVSS 7.5 · AI score 7.3 · EPSS 0.00677
Exploits: 0 · References: 1
BDU FSTEC
added 2021/03/03 12:0 a.m. · 5 views

The vulnerability of the reset function in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 allows an intruder to gain increased privileges.

The vulnerability of the reset function in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the absence of a new cryptographic key generation upon resetting settings. Exploiting this vulnerability can allow an attacker operating remotely to enhance their privilege...

CVSS 5.9 · AI score 6.8 · EPSS 0.01176
Exploits: 0 · References: 4 · Affected Software: 2
OSV
added 2020/12/11 1:15 a.m. · 2 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

CVSS 7.5 · AI score 7.1 · EPSS 0.005
Exploits: 0 · References: 2
OSV
added 2020/12/11 1:15 a.m. · 2 views

CVE-2020-28217

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

CVSS 7.5 · AI score 7.1 · EPSS 0.00576
Exploits: 0 · References: 2
Prion
added 2020/12/11 1:15 a.m. · 21 views

Code injection

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

CVSS 5 · AI score 7.8 · EPSS 0.005
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/12/11 12:51 a.m. · 64 views

CVE-2020-28217

Schneider Electric Easergy T300 firmware 2.7 and earlier is affected by CVE-2020-28217 (Missing Encryption of Sensitive Data) in the IEC60870-5-104 communication path. The NVD/NVD-derived entry indicates vulnerability to reading network traffic due to lack of encryption, with a CVSSv3 base score ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00576
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2020/12/11 12:51 a.m. · 20 views

CVE-2020-28216

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...

AI score 7.4 · EPSS 0.005
Exploits: 0 · References: 2
ICS
added 2020/12/08 12:0 a.m. · 72 views

Schneider Electric Easergy T300

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability: Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...

CVSS 9.8 · AI score 9 · EPSS 0.03032
Exploits: 0 · References: 4
NVD
added 2020/11/19 10:15 p.m. · 26 views

CVE-2020-7567

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...

CVSS 7.1 · AI score 6.1 · EPSS 0.00201
Exploits: 0 · References: 2
Prion
added 2020/11/19 10:15 p.m. · 13 views

Default credentials

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...

CVSS 2.9 · AI score 6.2 · EPSS 0.00201
Exploits: 0 · References: 2
0day.today
added 2020/06/24 12:0 a.m. · 207 views

ABUS Secvest Wireless Control Device Missing Encryption Vulnerability

The wireless communication of the ABUS Secvest Wireless Control Device FUBE50001 for transmitting sensitive data like PIN codes or IDs of used proximity chip keys RFID tokens is not encrypted. Product: ABUS Secvest Wireless Control Device FUBE50001 Manufacturer: ABUS Affected Versions: N/A Tested...

CVSS 8.1 · AI score 0.4 · EPSS 0.00793
Exploits: 2
ICS
added 2020/06/18 12:0 a.m. · 146 views

Baxter ExactaMix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...

CVSS 10 · AI score 9.3 · EPSS 0.93307
Exploits: 46 · References: 5
OSV
added 2019/07/30 9:15 p.m. · 2 views

DEBIAN-CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

CVSS 8.1 · AI score 7.8 · EPSS 0.00668
Exploits: 1 · References: 1
UbuntuCve
added 2019/07/30 9:15 p.m. · 28 views

CVE-2019-5448

Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...

CVSS 8.1 · AI score 7.1 · EPSS 0.00668
Exploits: 1 · References: 5
CVE
added 2019/07/30 8:15 p.m. · 81 views

CVE-2019-5448

CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...

CVSS 8.1 · AI score 7.8 · EPSS 0.00668
Exploits: 1 · References: 3 · Affected Software: 1
ICS
added 2019/05/02 12:0 a.m. · 245 views

Orpak SiteOmat

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak acquired by Gilbarco Veeder-Root Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of...

CVSS 10 · AI score 9.9 · EPSS 0.07235
Exploits: 1 · References: 5
CNVD
added 2019/03/26 12:0 a.m. · 2 views

Missing Sensitive Data Encryption Vulnerability in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015

ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS Germany. A security vulnerability exists in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015, which originates from the program not encrypting sensitive data. An attacker can exploit the vulnerability t...

CVSS 6.5 · AI score 6.8 · EPSS 0.0064
Exploits: 1 · References: 1