Total: 674 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-33408 | 1 Abinitio | 1 Control>center | 2024-08-03 | 6.5 Medium |
Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. | ||||
CVE-2021-33022 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-08-03 | 7.5 High |
Philips Vue PACS versions 12.2.x.x and prior transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
CVE-2021-32982 | 1 Automationdirect | 40 C0-10are-d, C0-10are-d Firmware, C0-10dd1e-d and 37 more | 2024-08-03 | 7.5 High |
Automation Direct CLICK PLC CPU Modules: on C0-1x CPUs with firmware prior to v3.00, passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. | ||||
CVE-2021-32966 | 1 Philips | 1 Interoperability Solution Xds | 2024-08-03 | 3.7 Low |
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | ||||
CVE-2021-32934 | 1 Throughtek | 1 Kalay P2p Software Development Kit | 2024-08-03 | 9.1 Critical |
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC connection, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds. | ||||
CVE-2021-32612 | 1 I-doo | 1 Veryfitpro | 2024-08-03 | 8.1 High |
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. | ||||
CVE-2021-32066 | 3 Oracle, Redhat, Ruby-lang | 6 Jd Edwards Enterpriseone Tools, Enterprise Linux, Rhel E4s and 3 more | 2024-08-03 | 7.4 High |
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | ||||
CVE-2021-31815 | 1 Google | 1 Google/apple Exposure Notifications | 2024-08-03 | 3.3 Low |
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days." | ||||
CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2024-08-03 | 7.5 High |
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | ||||
CVE-2021-31671 | 1 Pgsync Project | 1 Pgsync | 2024-08-03 | 7.5 High |
pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used. | ||||
CVE-2021-29397 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-08-03 | 7.5 High |
Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users' credentials transmitted in cleartext over HTTP. | ||||
CVE-2021-27924 | 1 Couchbase | 1 Couchbase Server | 2024-08-03 | 5.9 Medium |
An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely logging session cookies in the logs. This allows for the impersonation of a user if the log files are obtained by an attacker before a session cookie expires. | ||||
CVE-2021-27574 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-08-03 | 8.1 High |
An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and request, updates. Thus, attackers can machine-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings. | ||||
CVE-2021-27569 | 1 Remotemouse | 1 Emote Remote Mouse | 2024-08-03 | 5.3 Medium |
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic. | ||||
CVE-2021-27422 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-08-03 | 7.5 High |
In GE UR firmware versions prior to version 8.1x, the web server interface is supported on UR over the HTTP protocol. It allows sensitive information exposure without authentication. | ||||
CVE-2021-27251 | 1 Netgear | 84 Br200, Br200 Firmware, Br500 and 81 more | 2024-08-03 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling of firmware updates. The issue results from a fallback to an insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. | ||||
CVE-2021-27194 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2024-08-03 | 8.8 High |
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords. | ||||
CVE-2021-27209 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2024-08-03 | 7.1 High |
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | ||||
CVE-2021-25643 | 1 Couchbase | 1 Couchbase Server | 2024-08-03 | 4.9 Medium |
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or /listMetadataTokens call. | ||||
CVE-2021-23896 | 1 Mcafee | 1 Database Security | 2024-08-03 | 3.2 Low |
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server. |