Vulnerabilities (CVE)

Filtered by CWE-319
Total 639 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14171 1 Atlassian 1 Bitbucket 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.
CVE-2020-14157 1 Abus 2 Secvest Wireless Control Fube50001, Secvest Wireless Control Fube50001 Firmware 2024-11-21 4.8 MEDIUM 8.1 HIGH
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.
CVE-2020-14093 4 Canonical, Debian, Mutt and 1 more 4 Ubuntu Linux, Debian Linux, Mutt and 1 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
CVE-2020-13787 1 Dlink 2 Dir-865l, Dir-865l Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
CVE-2020-13528 1 Lantronix 2 Xport Edge, Xport Edge Firmware 2024-11-21 2.6 LOW 5.3 MEDIUM
An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability.
CVE-2020-12730 1 Magicsmotion 2 Flamingo 2, Flamingo 2 Firmware 2024-11-21 2.9 LOW 5.3 MEDIUM
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
CVE-2020-12638 1 Espressif 3 Esp-idf, Esp8266 Nonos Sdk, Esp8266 Rtos Sdk 2024-11-21 4.3 MEDIUM 6.8 MEDIUM
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.
CVE-2020-12398 2 Canonical, Mozilla 2 Ubuntu Linux, Thunderbird 2024-11-21 4.3 MEDIUM 7.5 HIGH
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.
CVE-2020-12048 1 Baxter 2 Phoenix X36, Phoenix X36 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
CVE-2020-12040 1 Baxter 2 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.
CVE-2020-12037 1 Baxter 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
CVE-2020-12036 1 Baxter 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
CVE-2020-12008 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
CVE-2020-11718 1 Bilanc 1 Bilanc 2024-11-21 5.8 MEDIUM 7.4 HIGH
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.
CVE-2020-11685 1 Jetbrains 1 Goland 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.
CVE-2020-11614 1 Mids\' Reborn Hero Designer Project 1 Mids\' Reborn Hero Designer 2024-11-21 6.8 MEDIUM 8.1 HIGH
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
CVE-2020-11557 1 Castlerock 1 Snmpc Online 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.
CVE-2020-11542 1 3xlogic 3 Infinias Eidc32, Infinias Eidc32 Firmware, Infinias Eidc32 Web 2024-11-21 7.5 HIGH 9.8 CRITICAL
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.
CVE-2020-11539 1 Titan 2 Sf Rush Smart Band, Sf Rush Smart Band Firmware 2024-11-21 4.8 MEDIUM 8.1 HIGH
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device.
CVE-2020-10628 1 Honeywell 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network.