Total: 624 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-23915 | 3 Haxx, Netapp, Splunk | 12 Curl, Active Iq Unified Manager, Clustered Data Ontap and 9 more | 2024-03-27 | N/A | 6.5 MEDIUM |
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | |||||
CVE-2024-0860 | | | 2024-03-15 | N/A | 8.0 HIGH |
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | |||||
CVE-2024-26288 | | | 2024-03-12 | N/A | 8.7 HIGH |
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected. | |||||
CVE-2017-6665 | 1 Cisco | 2 Ios, Ios Xe | 2024-03-04 | 3.3 LOW | 6.5 MEDIUM |
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1. | |||||
CVE-2023-47745 | | | 2024-03-04 | N/A | 6.2 MEDIUM |
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. IBM X-Force ID: 272638. | |||||
CVE-2021-39077 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-29 | N/A | 4.4 MEDIUM |
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. | |||||
CVE-2023-45716 | 1 Hcltech | 1 Sametime | 2024-02-26 | N/A | 4.1 MEDIUM |
Sametime is impacted by sensitive information passed in URL. | |||||
CVE-2023-39245 | | | 2024-02-15 | N/A | 9.8 CRITICAL |
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in the EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping on the network traffic to gain admin level credentials. | |||||
CVE-2023-42016 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-15 | N/A | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | |||||
CVE-2018-11338 | 1 Intuit | 1 Lacerte | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable. | |||||
CVE-2007-4786 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-13 | 4.3 MEDIUM | 5.3 MEDIUM |
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | |||||
CVE-2023-40544 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 5.7 MEDIUM |
An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | |||||
CVE-2023-50962 | 1 Ibm | 1 Powersc | 2024-02-12 | N/A | 7.5 HIGH |
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | |||||
CVE-2023-32328 | 1 Ibm | 1 Security Verify Access | 2024-02-10 | N/A | 9.8 CRITICAL |
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254957. | |||||
CVE-2023-42144 | 1 Shelly | 2 Trv, Trv Firmware | 2024-01-31 | N/A | 5.5 MEDIUM |
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password. | |||||
CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2024-01-31 | N/A | 5.7 MEDIUM |
Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | |||||
CVE-2023-46447 | 1 Popsdiabetes | 1 Rebel | 2024-01-29 | N/A | 4.3 MEDIUM |
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. | |||||
CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2024-01-25 | N/A | 7.5 HIGH |
An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via a crafted POST request to /cgi-bin/luci. | |||||
CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2024-01-25 | 5.0 MEDIUM | 7.5 HIGH |
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |||||
CVE-2007-5626 | 1 Bacula | 1 Bacula | 2024-01-25 | 2.1 LOW | 5.5 MEDIUM |
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. |