Total
671 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43432 | 1 Moodle | 1 Moodle | 2024-11-12 | 5.3 Medium |
| A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | ||||
| CVE-2023-3272 | 2 Sick, Sick Ag | 3 Icr890-4, Icr890-4 Firmware, Icr890-4 | 2024-11-12 | 7.5 High |
| Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | ||||
| CVE-2024-0066 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2024-11-08 | 5.3 Medium |
| Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-4509 | 1 Octopus | 1 Octopus Server | 2024-11-07 | 4.3 Medium |
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | ||||
| CVE-2022-32510 | 2024-11-07 | 7.1 High | ||
| An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | ||||
| CVE-2024-10973 | 2024-11-07 | 5.7 Medium | ||
| A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information. | ||||
| CVE-2024-32946 | 2024-11-01 | 5.9 Medium | ||
| A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks. | ||||
| CVE-2023-31823 | 1 Marui | 1 Marui | 2024-10-31 | 7.5 High |
| An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function. | ||||
| CVE-2024-8013 | 1 Mongodb | 2 Mongo Crypt V1.so, Mongocryptd | 2024-10-31 | 2.2 Low |
| A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions. | ||||
| CVE-2024-7531 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | 6.3 Medium |
| Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1. | ||||
| CVE-2024-50624 | 1 Kde | 1 Kmail | 2024-10-30 | 5.9 Medium |
| ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. | ||||
| CVE-2023-35833 | 1 Ysoft | 1 Safeq Server | 2024-10-30 | 6.5 Medium |
| An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the vendor originally reported this as a security issue but then reconsidered because of the requirement for Admin access in order to change the configuration. | ||||
| CVE-2024-35495 | 2024-10-30 | 4.3 Medium | ||
| An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic. | ||||
| CVE-2024-25735 | 1 Wyrestorm | 1 Apollo Vx20 | 2024-10-28 | 9.1 Critical |
| An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP /device/config GET request. | ||||
| CVE-2023-34142 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2024-10-28 | 9 Critical |
| Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. | ||||
| CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2024-10-25 | N/A |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | ||||
| CVE-2024-40595 | 1 Oneidentity | 1 Safeguard For Privileged Sessions | 2024-10-25 | 5.3 Medium |
| An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtain access to privileged sessions on target resources by intercepting cleartext RDP protocol information. | ||||
| CVE-2024-40090 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2024-10-23 | 4.3 Medium |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | ||||
| CVE-2022-41327 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-23 | 7.6 High |
| A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands. | ||||
| CVE-2023-30565 | 1 Bd | 1 Guardrails Cqi Reporter | 2024-10-22 | 3.5 Low |
| An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. | ||||