ReportizFlow
Filtered by vendor
Subscriptions
Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19090 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 3.5 Low |
| For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping. | ||||
| CVE-2019-18980 | 1 Philips | 2 Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656, Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware | 2024-11-21 | 7.5 High |
| On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | ||||
| CVE-2019-18833 | 1 Barco | 2 Clickshare Button R9861500d01, Clickshare Button R9861500d01 Firmware | 2024-11-21 | 5.9 Medium |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2).. The encryption key of the media content which is shared between a ClickShare Button and a ClickShare Base Unit is randomly generated for each new session and communicated over a TLS connection. An attacker who is able to perform a Man-in-the-Middle attack between the TLS connection, is able to obtain the encryption key. | ||||
| CVE-2019-18800 | 1 Rakuten | 1 Viber | 2024-11-21 | 8.8 High |
| Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. | ||||
| CVE-2019-18254 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2024-11-21 | 4.6 Medium |
| BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with. | ||||
| CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | ||||
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.5 Medium |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | ||||
| CVE-2019-15704 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.5 Medium |
| A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway. | ||||
| CVE-2019-15653 | 1 Comba | 2 Ap2600-i - A02 - 0202n00pd2, Ap2600-i - A02 - 0202n00pd2 Firmware | 2024-11-21 | 7.5 High |
| Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real value, i.e., md5(md5(value)). | ||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 9.8 Critical |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | ||||
| CVE-2019-13922 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 2.7 Low |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-13419 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | ||||
| CVE-2019-13418 | 1 Search-guard | 1 Search Guard | 2024-11-21 | 7.5 High |
| Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | ||||
| CVE-2019-12924 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A |
| MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users). | ||||
| CVE-2019-11836 | 1 Rediff | 1 Rediffmail | 2024-11-21 | N/A |
| The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android has cleartext mail content in file storage, persisting after a logout. | ||||
| CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 6.5 Medium |
| Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||||
| CVE-2019-11663 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 6.5 Medium |
| Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||||
| CVE-2019-11523 | 1 Anviz | 2 M3, M3 Firmware | 2024-11-21 | N/A |
| Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the "open door" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address). | ||||
| CVE-2019-11405 | 1 Openapi-generator | 1 Openapi Generator | 2024-11-21 | N/A |
| OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies. | ||||
| CVE-2019-11404 | 1 Arrow-kt | 1 Arrow | 2024-11-21 | N/A |
| arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack. | ||||