Total: 466 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32982 | 1 Jenkins | 1 Ansible | 2025-01-23 | N/A | 4.3 MEDIUM |
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |||||
CVE-2020-27650 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 4.3 MEDIUM | 5.8 MEDIUM |
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | |||||
CVE-2024-7142 | | | 2025-01-10 | N/A | 4.6 MEDIUM |
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | |||||
CVE-2024-28250 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and WireGuard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Note that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue. | |||||
CVE-2024-28249 | 1 Cilium | 1 Cilium | 2025-01-09 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue. | |||||
CVE-2023-34258 | 1 Bmc | 1 Patrol | 2025-01-08 | N/A | 7.5 HIGH |
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. | |||||
CVE-2021-39090 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-12-31 | N/A | 5.9 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388. | |||||
CVE-2024-25630 | 1 Cilium | 1 Cilium | 2024-12-18 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue. | |||||
CVE-2024-25631 | 1 Cilium | 1 Cilium | 2024-12-18 | N/A | 6.1 MEDIUM |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue. | |||||
CVE-2024-4995 | | | 2024-12-18 | N/A | 9.8 CRITICAL |
Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0. | |||||
CVE-2024-5731 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | |||||
CVE-2024-41124 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication, which can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-38283 | | | 2024-11-21 | N/A | N/A |
Sensitive customer information is stored in the device without encryption. | |||||
CVE-2024-35061 | | | 2024-11-21 | N/A | 7.3 HIGH |
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution. | |||||
CVE-2024-29151 | | | 2024-11-21 | N/A | 9.1 CRITICAL |
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. | |||||
CVE-2024-27106 | | | 2024-11-21 | N/A | 5.7 MEDIUM |
Vulnerable data in transit in GE HealthCare EchoPAC products | |||||
CVE-2024-25027 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.2 MEDIUM |
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607. | |||||
CVE-2024-24768 | 1 Fit2cloud | 1 1panel | 2024-11-21 | N/A | 6.5 MEDIUM |
1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. | |||||
CVE-2023-6339 | 1 Google | 2 Nest Wifi Pro, Nest Wifi Pro Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
Google Nest WiFi Pro root code-execution & user-data compromise | |||||
CVE-2023-50129 | 1 Flient | 2 Smart Lock Advanced, Smart Lock Advanced Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter. |