Filtered by CWE-311
Total 492 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-39090 2 Ibm, Linux 2 Cloud Pak For Security, Linux Kernel 2024-12-31 5.9 Medium
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.
CVE-2024-25630 1 Cilium 1 Cilium 2024-12-18 6.1 Medium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
CVE-2024-25631 1 Cilium 1 Cilium 2024-12-18 6.1 Medium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.
CVE-2024-4995 2024-12-18 9.8 Critical
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.
CVE-2023-4420 1 Sick 7 Lms500, Lms500 Firmware, Lms511 and 4 more 2024-12-09 9.8 Critical
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.
CVE-2019-1589 1 Cisco 28 Nexus 9000, Nexus 92160yc-x, Nexus 92300yc and 25 more 2024-11-21 4.6 Medium
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.
CVE-2024-5731 2024-11-21 6.8 Medium
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
CVE-2024-41124 2024-11-21 6.3 Medium
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. `API_URLS` is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by using https rather than http connections. All users are advised to upgrade. There is no known workarounds for this vulnerability.
CVE-2024-38283 1 Motorolasolutions 1 Vigilant Fixed Lpr Coms Box Bcav1f2 C600 2024-11-21 N/A
Sensitive customer information is stored in the device without encryption.
CVE-2024-29151 2024-11-21 9.1 Critical
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.
CVE-2024-27106 2024-11-21 5.7 Medium
Vulnerable data in transit in GE HealthCare EchoPAC products
CVE-2024-25027 1 Ibm 1 Security Verify Access 2024-11-21 6.2 Medium
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607.
CVE-2023-4580 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-21 6.5 Medium
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CVE-2023-4384 1 Maximatech 1 Portal Executivo 2024-11-21 3.7 Low
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49927 1 Samsung 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 23 more 2024-11-21 5.3 Medium
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.
CVE-2023-44098 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-43618 1 Schollz 1 Croc 2024-11-21 5.3 Medium
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.
CVE-2023-42019 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2024-11-21 5.9 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.
CVE-2023-41096 1 Silabs 1 Emberznet Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
CVE-2023-41095 1 Silabs 1 Openthread Sdk 2024-11-21 6.8 Medium
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.