Total
638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4390 | 1 Cisco | 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware | 2024-11-21 | 10.0 HIGH | 7.5 HIGH |
| The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | |||||
| CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2008-3289 | 1 Storcentric | 1 Retrospect Backup Client | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | |||||
| CVE-2008-0374 | 1 Oki | 2 C5510mfp, C5510mfp Firmware | 2024-11-21 | 10.0 HIGH | 7.5 HIGH |
| OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | |||||
| CVE-2007-5626 | 1 Bacula | 1 Bacula | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network. | |||||
| CVE-2007-4786 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. | |||||
| CVE-2005-2069 | 2 Openldap, Padl | 3 Openldap, Nss Ldap, Pam Ldap | 2024-11-20 | 5.0 MEDIUM | N/A |
| pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | |||||
| CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-20 | 5.0 MEDIUM | N/A |
| DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. | |||||
| CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |||||
| CVE-2024-28169 | 2024-11-15 | N/A | 5.4 MEDIUM | ||
| Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-9834 | 2024-11-15 | N/A | 9.3 CRITICAL | ||
| Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | |||||
| CVE-2024-50634 | 1 Sbond | 1 Watcharr | 2024-11-14 | N/A | 8.8 HIGH |
| A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. | |||||
| CVE-2024-37163 | 1 Opensourcelabs | 1 Skyscraper | 2024-11-13 | N/A | 7.5 HIGH |
| SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0. | |||||
| CVE-2024-32946 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2024-11-13 | N/A | 5.9 MEDIUM |
| A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attacks. | |||||
| CVE-2024-43432 | 2024-11-12 | N/A | 5.3 MEDIUM | ||
| A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | |||||
| CVE-2024-0066 | 2024-11-08 | N/A | 5.3 MEDIUM | ||
| Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that a O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C is not being used this flaw does not apply. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-4509 | 2024-11-07 | N/A | 4.3 MEDIUM | ||
| It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. | |||||
| CVE-2022-32510 | 2024-11-07 | N/A | 7.1 HIGH | ||
| An issue was discovered on certain Nuki Home Solutions devices. The HTTP API exposed by a Bridge used an unencrypted channel to provide an administrative interface. A token can be easily eavesdropped by a malicious actor to impersonate a legitimate user and gain access to the full set of API endpoints. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2. | |||||
| CVE-2024-8013 | 1 Mongodb | 2 Mongo Crypt V1.so, Mongocryptd | 2024-10-31 | N/A | 3.3 LOW |
| A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions. | |||||