Total
468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33037 | 1 Qualcomm | 166 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 163 more | 2024-11-21 | 7.1 High |
| Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | ||||
| CVE-2023-31825 | 1 Inageya | 1 Inageya | 2024-11-21 | 7.5 High |
| An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function. | ||||
| CVE-2023-31822 | 1 Entetsu | 1 Entetsu Store | 2024-11-21 | 7.5 High |
| An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function. | ||||
| CVE-2023-31820 | 1 Shizutetsu | 1 Shizutetsu Store | 2024-11-21 | 7.5 High |
| An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
| CVE-2023-31819 | 1 Livre | 1 Keisei Store | 2024-11-21 | 7.5 High |
| An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. | ||||
| CVE-2023-30561 | 1 Bd | 2 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware | 2024-11-21 | 6.1 Medium |
| The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running. | ||||
| CVE-2023-23371 | 1 Qnap | 1 Qvpn | 2024-11-21 | 5.2 Medium |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | ||||
| CVE-2023-23127 | 1 Connectwise | 1 Connectwise | 2024-11-21 | 5.3 Medium |
| In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. | ||||
| CVE-2022-40295 | 1 Phppointofsale | 1 Php Point Of Sale | 2024-11-21 | 4.9 Medium |
| The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | ||||
| CVE-2022-3781 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2024-11-21 | 6.5 Medium |
| Dashlane password and Keepass Server password in My Account SettingsĀ are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote Desktop Manager 2022.2.26 and prior versions. Devolutions Server 2022.3.1 and prior versions. | ||||
| CVE-2022-3251 | 1 Ikus-soft | 1 Minarca | 2024-11-21 | 5.3 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2. | ||||
| CVE-2022-3250 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 5.3 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. | ||||
| CVE-2022-3174 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 7.5 High |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||||
| CVE-2022-39014 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.3 Medium |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | ||||
| CVE-2022-35860 | 1 Corsair | 2 K63, K63 Firmware | 2024-11-21 | 6.8 Medium |
| Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. | ||||
| CVE-2022-34307 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 4.3 Medium |
| IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | ||||
| CVE-2022-33161 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Directory Suite and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. | ||||
| CVE-2022-31085 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | 6.1 Medium |
| LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. | ||||
| CVE-2022-30237 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2024-11-21 | 8.2 High |
| A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2022-27225 | 1 Gradle | 1 Enterprise | 2024-11-21 | 6.5 Medium |
| Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS. | ||||