Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4188 | 2024-11-21 | N/A | N/A | ||
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. | |||||
CVE-2024-20395 | 2024-11-21 | N/A | 6.4 MEDIUM | ||
A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user. | |||||
CVE-2024-1102 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. | |||||
CVE-2023-31277 | 1 Piigab | 2 M-bus 900s, M-bus 900s Firmware | 2024-11-21 | N/A | 7.5 HIGH |
PiiGAB M-Bus transmits credentials in plaintext format. | |||||
CVE-2023-28708 | 1 Apache | 1 Tomcat | 2024-11-21 | N/A | 4.3 MEDIUM |
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | |||||
CVE-2023-22862 | 1 Ibm | 2 Aspera Cargo, Aspera Connect | 2024-11-21 | N/A | 5.9 MEDIUM |
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | |||||
CVE-2022-31805 | 1 Codesys | 10 Development System, Edge Gateway, Gateway and 7 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected. |