CVE-2024-45838

LOW Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-319
View all →

Vulnerability Description

The goTenna Pro ATAK Plugin does not encrypt callsigns in messages. It is advised to not use sensitive information in callsigns when using this and previous versions of the plugin. Update to current plugin version which uses AES-256 encryption for callsigns in encrypted operation

Related Vulnerabilities

CVE-2018-11399

MEDIUM
CVSS:4.3(Medium)

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occu...

CWE-3192018

CVE-2019-10732

MEDIUM
CVSS:4.3(Medium)

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019

CVE-2019-10734

MEDIUM
CVSS:4.3(Medium)

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019

CVE-2019-10735

MEDIUM
CVSS:4.3(Medium)

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CS...

CWE-3192019

CVE-2019-10740

MEDIUM
CVSS:4.3(Medium)

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden...

CWE-3192019

CVE-2019-18248

MEDIUM
CVSS:4.3(Medium)

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentia...

CWE-3192019