Total: 674 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-29005 | 1 Mediawiki | 1 Mediawiki | 2024-08-04 | 7.5 High |
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | ||||
CVE-2020-28896 | 4 Debian, Mutt, Neomutt and 1 more | 4 Debian Linux, Mutt, Neomutt and 1 more | 2024-08-04 | 5.3 Medium |
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. | ||||
CVE-2020-27554 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-08-04 | 7.5 High |
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | ||||
CVE-2020-27586 | 1 Quickheal | 1 Total Security | 2024-08-04 | 5.9 Medium |
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. | ||||
CVE-2020-27185 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-08-04 | 7.5 High |
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. | ||||
CVE-2020-27184 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-08-04 | 5.9 Medium |
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. | ||||
CVE-2020-25988 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2024-08-04 | 6.5 Medium |
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent. | ||||
CVE-2020-25748 | 1 Rubetek | 6 Rv-3406, Rv-3406 Firmware, Rv-3409 and 3 more | 2024-08-04 | 8.1 High |
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values. | ||||
CVE-2020-25645 | 6 Canonical, Debian, Linux and 3 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-08-04 | 7.5 High |
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | ||||
CVE-2020-25605 | 1 Agora | 1 Video Software Development Kit | 2024-08-04 | 5.9 Medium |
Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. | ||||
CVE-2020-25178 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2024-08-04 | 7.5 High |
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. | ||||
CVE-2020-25155 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-08-04 | 7.5 High |
The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions). | ||||
CVE-2020-20128 | 1 Laracms Project | 1 Laracms | 2024-08-04 | 7.5 High |
LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. | ||||
CVE-2020-15954 | 2 Debian, Kde | 2 Debian Linux, Kmail | 2024-08-04 | 6.5 Medium |
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | ||||
CVE-2020-15785 | 1 Siemens | 1 Siveillance Video Client | 2024-08-04 | 5.3 Medium |
A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext. This could allow an attacker in a privileged network position to obtain valid administrator login names and use this information to launch further attacks. | ||||
CVE-2020-15509 | 1 Nordicsemi | 2 Android Ble Library, Dfu Library | 2024-08-04 | 6.5 Medium |
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler). | ||||
CVE-2020-15482 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-08-04 | 7.8 High |
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. | ||||
CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-08-04 | 8.8 High |
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-08-04 | 8.8 High |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-08-04 | 8.8 High |
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. |