Falhas do tipo CWE-311

301 resultados
CVE-2018-19944Cleartext Transmission of Sensitive Information in SNMPEPSS 0.8%CVE-2012-1977WellinTech KingSCADA Missing Encryption of Sensitive DataEPSS 0.8%CVE-2021-33900StartTLS and SASL confidentiality protection bypassEPSS 0.8%CVE-2016-10563During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attacEPSS 0.8%CVE-2017-16035The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from apEPSS 0.7%CVE-2020-10124NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host EPSS 0.7%CVE-2016-10680adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources oEPSS 0.7%CVE-2023-28841MEDIUMmoby/moby's dockerd daemon encrypted overlay network traffic may be unencryptedEPSS 0.7%CVE-2021-31386MEDIUMJunos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.EPSS 0.7%CVE-2019-5448Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication datEPSS 0.7%CVE-2018-7498In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrityEPSS 0.7%CVE-2017-16041ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.EPSS 0.7%CVE-2016-10592jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.EPSS 0.6%CVE-2022-38458MEDIUMA cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafEPSS 0.6%CVE-2016-10618node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.EPSS 0.6%CVE-2016-10568geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data EPSS 0.6%CVE-2016-10578unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves EPSS 0.6%CVE-2016-10594ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources EPSS 0.6%CVE-2016-10641node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.EPSS 0.6%CVE-2020-28217A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker EPSS 0.6%