Total: 713 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46385 | 1 Loytec | 1 L-inx Configurator | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
CVE-2023-46383 | 1 Loytec | 1 L-inx Configurator | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | |||||
CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. | |||||
CVE-2023-46380 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) send password-change requests via cleartext HTTP. | |||||
CVE-2023-45716 | 1 Hcltech | 1 Sametime | 2024-11-21 | N/A | 1.7 LOW |
Sametime is impacted by sensitive information passed in URL. | |||||
CVE-2023-45321 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | N/A | 8.3 HIGH |
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS, and this feature is not configurable by the user. Due to the lack of encryption of HTTP, this issue allows an attacker placed in the same subnet network of the HMI device to intercept the username and password necessary to authenticate to the MQTT server responsible for implementing the remote management protocol. | |||||
CVE-2023-43503 | 1 Siemens | 1 Comos | 2024-11-21 | N/A | 3.5 LOW |
A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP. | |||||
CVE-2023-43125 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-11-21 | N/A | 6.8 MEDIUM |
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2023-43124 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-11-21 | N/A | 5.3 MEDIUM |
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2023-42579 | 2 Google, Samsung | 2 Android, Samsung Keyboard | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack. | |||||
CVE-2023-42147 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2024-11-21 | N/A | 7.5 HIGH |
An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | |||||
CVE-2023-42144 | 1 Shelly | 2 Trv, Trv Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | |||||
CVE-2023-42016 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | |||||
CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2024-11-21 | N/A | 6.3 MEDIUM |
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, to capture traffic. The attacker can later use the information within it to access the application. | |||||
CVE-2023-40729 | 1 Siemens | 1 Qms Automotive | 2024-11-21 | N/A | 7.3 HIGH |
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate or steal confidential information. | |||||
CVE-2023-40544 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | |||||
CVE-2023-3763 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-11-21 | 2.6 LOW | 3.7 LOW |
A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-3761 | 1 Intergard | 1 Smartgard Silver With Matrix Keyboard | 2024-11-21 | 2.6 LOW | 3.7 LOW |
A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-3361 | 2 Opendatahub, Redhat | 2 Open Data Hub Dashboard, Openshift Data Science | 2024-11-21 | N/A | 7.7 HIGH |
A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. | |||||
CVE-2023-3272 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. |