Total
713 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48788 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-47789 | 2024-10-14 | N/A | N/A | ||
| ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-9620 | 2024-10-10 | N/A | 5.3 MEDIUM | ||
| A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases. | |||||
| CVE-2024-43180 | 1 Ibm | 1 Concert | 2024-09-20 | N/A | 4.3 MEDIUM |
| IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | |||||
| CVE-2024-44105 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | N/A | 8.2 HIGH |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | |||||
| CVE-2024-8059 | 2024-09-14 | N/A | 4.3 MEDIUM | ||
| IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters. | |||||
| CVE-2024-45101 | 2024-09-14 | N/A | 6.8 MEDIUM | ||
| A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | |||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2024-08-20 | N/A | 7.5 HIGH |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. | |||||
| CVE-2024-38167 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-08-16 | N/A | 6.5 MEDIUM |
| .NET and Visual Studio Information Disclosure Vulnerability | |||||
| CVE-2024-31799 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-08-16 | N/A | 4.6 MEDIUM |
| Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | |||||
| CVE-2024-7408 | 1 Airveda | 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware | 2024-08-13 | N/A | 6.5 MEDIUM |
| This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. | |||||
| CVE-2024-32864 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | N/A | 6.4 MEDIUM |
| Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | |||||
| CVE-2024-41262 | 2024-08-01 | N/A | 7.4 HIGH | ||
| mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. | |||||