Total
466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29883 | 1 Ibm | 1 Transformation Extender Advanced | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090. | |||||
| CVE-2021-29248 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | |||||
| CVE-2021-28496 | 1 Arista | 1 Eos | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train | |||||
| CVE-2021-27783 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | |||||
| CVE-2021-27779 | 1 Hcltech | 1 Versionvault Express | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | |||||
| CVE-2021-27764 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) | |||||
| CVE-2021-22932 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously selected “Enable Encryption” in the ShareFile configuration page and did not re-select this setting after running the CTX269106 mitigation tool. ShareFile customers who have not run the CTX269106 mitigation tool or who re-selected “Enable Encryption” immediately after running the tool are unaffected by this issue. | |||||
| CVE-2021-22782 | 1 Schneider-electric | 3 Ecostruxure Control Expert, Ecostruxure Process Expert, Remoteconnect | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file. | |||||
| CVE-2021-21963 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2021-20567 | 2 Ibm, Redhat | 2 Resilient Security Orchestration Automation And Response, Linux | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239. | |||||
| CVE-2020-9774 | 1 Apple | 1 Mac Os X | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed. | |||||
| CVE-2020-9062 | 1 Dieboldnixdorf | 2 Probase, Procash 2100xe | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited. | |||||
| CVE-2020-9058 | 4 Dome, Jasco, Linear and 1 more | 4 Dm501, Zw4201, Lb60z-1 and 1 more | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection. | |||||
| CVE-2020-9057 | 2 Linear, Silabs | 5 Wadwaz-1, Wapirz-1, 100 Series Firmware and 2 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable. | |||||
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 2.2 LOW |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | |||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | |||||
| CVE-2020-7567 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys. | |||||
| CVE-2020-4591 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Server, Linux Kernel and 1 more | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. | |||||
| CVE-2020-4233 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | |||||
| CVE-2020-4126 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later. | |||||