CWE-319

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.

The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).

The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.