Total: 674 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2024-08-04 | 5.3 Medium |
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2024-08-04 | 5.3 Medium |
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-2153 | 1 Jenkins | 1 Backlog | 2024-08-04 | 4.3 Medium |
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2024-08-04 | 5.3 Medium |
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-1902 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-08-04 | 7.5 High |
A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP. | ||||
CVE-2020-1749 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-08-04 | 7.5 High |
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | ||||
CVE-2020-1343 | 1 Microsoft | 1 Visual Studio Live Share | 2024-08-04 | 5.9 Medium |
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'. | ||||
CVE-2020-0884 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2024-08-04 | 3.7 Low |
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'. | ||||
CVE-2021-45894 | 1 Zauner | 1 Arc | 2024-08-04 | 5.9 Medium |
An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | ||||
CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | ||||
CVE-2021-45447 | 1 Hitachi | 1 Vantara Pentaho | 2024-08-04 | 7.7 High |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmit database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. | ||||
CVE-2021-45104 | 1 Wisc | 1 Htcondor | 2024-08-04 | 7.4 High |
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. | ||||
CVE-2021-45081 | 1 Cobbler Project | 1 Cobbler | 2024-08-04 | 5.9 Medium |
An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | ||||
CVE-2021-45100 | 3 Ksmbd Project, Linux, Netapp | 18 Ksmbd, Linux Kernel, H300e and 15 more | 2024-08-04 | 7.5 High |
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. | ||||
CVE-2021-44480 | 1 Wokkalokka | 2 Wokka Watch Q50, Wokka Watch Q50 Firmware | 2024-08-04 | 8.1 High |
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | ||||
CVE-2021-44518 | 1 Digipas | 1 Egeetouch Manager | 2024-08-04 | 6.8 Medium |
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. | ||||
CVE-2021-43270 | 1 Datalust | 1 Seq.app.emailplus | 2024-08-04 | 7.5 High |
Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended. | ||||
CVE-2021-42948 | 1 Digitaldruid | 1 Hoteldruid | 2024-08-04 | 3.7 Low |
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs. | ||||
CVE-2021-42699 | 1 Azeotech | 1 Daqfactory | 2024-08-04 | 5.7 Medium |
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. | ||||
CVE-2021-41849 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. |