Total
674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46383 | 1 Loytec | 1 L-inx Configurator | 2024-09-20 | 7.5 High |
| LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration. | ||||
| CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2024-09-19 | 7.5 High |
| LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices (all versions) use cleartext HTTP for login. | ||||
| CVE-2023-3361 | 2 Opendatahub, Redhat | 2 Open Data Hub Dashboard, Openshift Data Science | 2024-09-19 | 7.7 High |
| A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. | ||||
| CVE-2023-5461 | 1 Deltaww | 1 Wplsoft | 2024-09-19 | 3.7 Low |
| A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0220 | 1 Br-automation | 1 Automation Studio | 2024-09-19 | 8.3 High |
| B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | ||||
| CVE-2023-33837 | 1 Ibm | 1 Security Verify Governance | 2024-09-19 | 4.1 Medium |
| IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | ||||
| CVE-2023-27291 | 2024-09-19 | 4.5 Medium | ||
| IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740. | ||||
| CVE-2024-41927 | 1 Idec | 182 Ft1a-b12ra, Ft1a-b12ra Firmware, Ft1a-b24ra and 179 more | 2024-09-19 | 4.6 Medium |
| Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated. | ||||
| CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-09-19 | 5.9 Medium |
| Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | ||||
| CVE-2023-23371 | 1 Qnap | 1 Qvpn | 2024-09-19 | 5.2 Medium |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | ||||
| CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.2 High |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | ||||
| CVE-2017-1181 | 1 Ibm | 1 Tivoli Monitoring | 2024-09-17 | N/A |
| IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | ||||
| CVE-2022-30993 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-09-17 | 7.5 High |
| Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | ||||
| CVE-2019-4063 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 5.9 Medium |
| IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. | ||||
| CVE-2021-32456 | 1 Sitel-sa | 2 Remote Cap\/prx, Remote Cap\/prx Firmware | 2024-09-17 | 6.5 Medium |
| SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic. | ||||
| CVE-2020-4970 | 1 Ibm | 1 Security Identity Manager | 2024-09-17 | 5.9 Medium |
| IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429. | ||||
| CVE-2019-4743 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-09-17 | 4.3 Medium |
| IBM Financial Transaction Manager 3.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172880. | ||||
| CVE-2018-1297 | 1 Apache | 1 Jmeter | 2024-09-17 | N/A |
| When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. | ||||
| CVE-2018-5401 | 2 Arm, Auto-maskin | 6 Arm7, Dcu 210e, Dcu 210e Firmware and 3 more | 2024-09-17 | N/A |
| The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7. | ||||
| CVE-2019-4162 | 1 Ibm | 1 Security Information Queue | 2024-09-17 | 7.5 High |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661. | ||||