Total
674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34441 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2024-09-11 | 6.8 Medium |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests. | ||||
| CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2024-09-11 | 6.3 Medium |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application. | ||||
| CVE-2023-45321 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-09-11 | 8.3 High |
| The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol. | ||||
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-09-05 | 3.1 Low |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | ||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2024-08-27 | 5.7 Medium |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | ||||
| CVE-2024-31206 | 2024-08-26 | 8.2 High | ||
| dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. The network request was upgraded to HTTPS in version `1.0.1`. There are no workarounds, but some precautions include not sending any sensitive information and carefully verifying the API response before saving it. | ||||
| CVE-2023-6094 | 1 Moxa | 2 Oncell G3150a-lte, Oncell G3150a-lte Firmware | 2024-08-26 | 5.3 Medium |
| A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. | ||||
| CVE-2023-42016 | 1 Ibm | 1 Sterling B2b Integrator | 2024-08-22 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. | ||||
| CVE-2023-50962 | 1 Ibm | 1 Powersc | 2024-08-22 | 5.9 Medium |
| IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004. | ||||
| CVE-2023-45716 | 1 Hcltech | 1 Sametime | 2024-08-22 | 1.7 Low |
| Sametime is impacted by sensitive information passed in URL. | ||||
| CVE-2024-38891 | 1 Horizoncloud | 1 Caterease | 2024-08-20 | 9.1 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information. | ||||
| CVE-2023-28616 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-20 | 7.5 High |
| An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. | ||||
| CVE-2024-31799 | 1 Gncchome | 3 Gncc C2, Gc2, Gncc C2 Firmware | 2024-08-16 | 4.6 Medium |
| Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | ||||
| CVE-2023-39245 | 2024-08-16 | 9.8 Critical | ||
| DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials. | ||||
| CVE-2024-7408 | 1 Airveda | 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware | 2024-08-13 | 6.5 Medium |
| This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. | ||||
| CVE-2024-0860 | 2024-08-12 | 8 High | ||
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. | ||||
| CVE-2024-25960 | 2024-08-12 | 7.3 High | ||
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. | ||||
| CVE-2024-32864 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 6.4 Medium |
| Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS) | ||||
| CVE-2024-31840 | 1 Italtel | 1 Embrace | 2024-08-08 | 6.5 Medium |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. | ||||
| CVE-2003-5002 | 1 Ibm | 1 Iss Blackice Pc Protection | 2024-08-08 | 3.7 Low |
| A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||