Total: 736 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-37939 | 1 Elastic | 1 Kibana | 2024-11-21 | 2.7 Low | It was discovered that Kibana's JIRA connector and IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.
CVE-2021-36382 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 2.6 Low | Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext).
CVE-2021-36165 | 1 Riconmobile | 2 S9922l, S9922l Firmware | 2024-11-21 | 5.3 Medium | RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVE-2021-34825 | 2 Fedoraproject, Quassel-irc | 2 Fedora, Quassel | 2024-11-21 | 7.5 High | Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVE-2021-33900 | 1 Apache | 1 Directory Studio | 2024-11-21 | 7.5 High | While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.
CVE-2021-33883 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-11-21 | 5.9 Medium | A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. The exposed data includes critical values for a pump's internal configuration.
CVE-2021-33408 | 1 Abinitio | 1 Control>center | 2024-11-21 | 6.5 Medium | Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.
CVE-2021-32612 | 1 I-doo | 1 Veryfitpro | 2024-11-21 | 8.1 High | The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
CVE-2021-32456 | 1 Sitel-sa | 2 Remote Cap/prx, Remote Cap/prx Firmware | 2024-11-21 | 6.5 Medium | SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
CVE-2021-32066 | 3 Oracle, Redhat, Ruby-lang | 6 Jd Edwards Enterpriseone Tools, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 7.4 High | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2024-11-21 | 7.5 High | In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
CVE-2021-31815 | 1 Google | 1 Google/apple Exposure Notifications | 2024-11-21 | 3.3 Low | GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days."
CVE-2021-31671 | 1 Pgsync Project | 1 Pgsync | 2024-11-21 | 7.5 High | pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.
CVE-2021-29769 | 3 Ibm, Linux, Microsoft | 3 I2 Analyze, Linux Kernel, Windows | 2024-11-21 | 4.3 Medium | IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769.
CVE-2021-29753 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.9 Medium | IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2021-29397 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-11-21 | 7.5 High | Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows a remote local user to intercept users' credentials transmitted in cleartext over HTTP.
CVE-2021-28509 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2024-11-21 | 6.1 Medium | This advisory documents the impact of an internally found vulnerability in the Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.
CVE-2021-28508 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2024-11-21 | 6.8 Medium | This advisory documents the impact of an internally found vulnerability in the Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.
CVE-2021-27924 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.9 Medium | An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI insecurely logs session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires.
CVE-2021-27574 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-11-21 | 8.1 High | An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check for, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.