Total
674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23884 | 1 Mcafee | 1 Content Security Reporter | 2024-08-03 | 4.3 Medium |
| Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR. | ||||
| CVE-2021-22947 | 9 Apple, Debian, Fedoraproject and 6 more | 37 Macos, Debian Linux, Fedora and 34 more | 2024-08-03 | 5.9 Medium |
| When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. | ||||
| CVE-2021-23018 | 1 F5 | 1 Nginx Controller | 2024-08-03 | 7.4 High |
| Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. | ||||
| CVE-2021-22923 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-08-03 | 5.3 Medium |
| When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | ||||
| CVE-2021-22946 | 9 Apple, Debian, Fedoraproject and 6 more | 40 Macos, Debian Linux, Fedora and 37 more | 2024-08-03 | 7.5 High |
| A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. | ||||
| CVE-2021-22702 | 1 Schneider-electric | 24 Powerlogic Ion7300, Powerlogic Ion7300 Firmware, Powerlogic Ion7400 and 21 more | 2024-08-03 | 7.5 High |
| A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. | ||||
| CVE-2021-22703 | 1 Schneider-electric | 20 Powerlogic Ion7400, Powerlogic Ion7400 Firmware, Powerlogic Ion7650 and 17 more | 2024-08-03 | 7.5 High |
| A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. | ||||
| CVE-2021-22380 | 1 Huawei | 1 Emui | 2024-08-03 | 9.1 Critical |
| There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | ||||
| CVE-2021-22325 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 5.3 Medium |
| There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission. | ||||
| CVE-2021-4258 | 1 Whohas Project | 1 Whohas | 2024-08-03 | 3.7 Low |
| A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. | ||||
| CVE-2021-21387 | 1 Wrongthink | 1 Wrongthink | 2024-08-03 | 8.1 High |
| Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. | ||||
| CVE-2021-21270 | 1 Octopus | 1 Octopusdsc | 2024-08-03 | 6.2 Medium |
| OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002. | ||||
| CVE-2021-20623 | 1 Panasonic | 1 Video Insight Vms | 2024-08-03 | 9.8 Critical |
| Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | ||||
| CVE-2021-20599 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-08-03 | 9.1 Critical |
| Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password. | ||||
| CVE-2021-20154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-03 | 7.5 High |
| Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords. | ||||
| CVE-2021-20174 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-08-03 | 7.5 High |
| Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface. By default, all communication to/from the device's web interface is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. | ||||
| CVE-2021-20169 | 1 Netgear | 2 Rax43, Rax43 Firmware | 2024-08-03 | 6.8 Medium |
| Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext. | ||||
| CVE-2021-20175 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-08-03 | 7.5 High |
| Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface (port 5000) is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitted in cleartext | ||||
| CVE-2021-3774 | 1 Meross | 2 Mss550x, Mss550x Firmware | 2024-08-03 | 7.4 High |
| Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app via Http/JSON plain request. | ||||
| CVE-2021-3792 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-08-03 | 5.3 Medium |
| Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker. | ||||