CWE-311 flaws
301 results

CVE-2020-26732 | HIGH | SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, | EPSS 1.5%
CVE-2020-35587 | — | In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated c | EPSS 1.5%
CVE-2016-10598 | — | arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerab | EPSS 1.4%
CVE-2020-12801 | — | Crash-recovered MSOffice encrypted documents defaulted to not using encryption on next save | EPSS 1.3%
CVE-2023-46219 | MEDIUM | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file | EPSS 1.1%
CVE-2016-10557 | — | appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the mod | EPSS 1.1%
CVE-2016-10579 | — | Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it v | EPSS 1.1%
CVE-2016-10564 | — | apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, | EPSS 1.1%
CVE-2016-10565 | — | operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable | EPSS 1.1%
CVE-2018-16879 | HIGH | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for mess | EPSS 1.1%
CVE-2018-17915 | — | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMey | EPSS 1.1%
CVE-2016-10596 | — | imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vul | EPSS 1.1%
CVE-2018-4855 | — | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in th | EPSS 1.0%
CVE-2017-14852 | HIGH | An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL c | EPSS 1.0%
CVE-2019-6526 | — | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A se | EPSS 1.0%
CVE-2020-12032 | — | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in | EPSS 0.9%
CVE-2019-13419 | — | Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked. | EPSS 0.9%
CVE-2020-10267 | HIGH | RVD#1489: Unprotected intellectual property in Universal Robots controller CB 3.1 across firmware versions | EPSS 0.9%
CVE-2019-13418 | — | Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. | EPSS 0.9%
CVE-2020-10273 | HIGH | RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers | EPSS 0.9%