ReportizFlow
Filtered by vendor
Subscriptions
Total
876 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5638 | 1 Netgear | 2 Wndr4500, Wndr4500 Firmware | 2024-11-21 | N/A |
| There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. | ||||
| CVE-2015-7542 | 3 Aquamaniac, Debian, Opensuse | 3 Gwenhywfar, Debian Linux, Leap | 2024-11-21 | 5.3 Medium |
| A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | ||||
| CVE-2014-5380 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2024-11-21 | 7.5 High |
| Grand MA 300 allows retrieval of the access PIN from sniffed data. | ||||
| CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-11-21 | 9.8 Critical |
| An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||||
| CVE-2012-1257 | 1 Pidgin | 1 Pidgin | 2024-11-21 | 5.5 Medium |
| Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor. | ||||
| CVE-2010-4177 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
| mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. | ||||
| CVE-2003-5002 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-11-21 | 3.7 Low |
| A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2024-50634 | 2 Sbond, Sbondco | 2 Watcharr, Watcharr | 2024-11-14 | 8.8 High |
| A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. | ||||
| CVE-2024-8013 | 1 Mongodb | 2 Mongo Crypt V1.so, Mongocryptd | 2024-10-31 | 2.2 Low |
| A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions. | ||||
| CVE-2024-47124 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | 4.3 Medium |
| The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation. | ||||
| CVE-2024-45838 | 1 Gotenna | 2 Gotenna, Pro Atak Plugin | 2024-10-17 | 4.3 Medium |
| The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation | ||||
| CVE-2024-47833 | 1 Avaiga | 1 Taipy | 2024-10-16 | 6.5 Medium |
| Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-43180 | 1 Ibm | 1 Concert | 2024-09-20 | 4.3 Medium |
| IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | ||||
| CVE-2024-31799 | 1 Gncchome | 3 Gncc C2, Gc2, Gncc C2 Firmware | 2024-08-16 | 4.6 Medium |
| Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | ||||
| CVE-2024-7408 | 1 Airveda | 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware | 2024-08-13 | 6.5 Medium |
| This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. | ||||
| CVE-2024-32864 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.4 Medium |
| Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | ||||