Total
639 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26077 | 1 Openautomationsoftware | 1 Oas Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
| CVE-2022-25805 | 1 Igel | 1 Universal Management Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. | |||||
| CVE-2022-25180 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline. | |||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||
| CVE-2022-23509 | 1 Weave | 1 Weave Gitops | 2024-11-21 | N/A | 7.3 HIGH |
| Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. | |||||
| CVE-2022-23105 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
| Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | |||||
| CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A | 8.8 HIGH |
| When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2022-22385 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962. | |||||
| CVE-2022-21951 | 1 Suse | 1 Rancher | 2024-11-21 | 3.6 LOW | 6.8 MEDIUM |
| A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. | |||||
| CVE-2022-21829 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520. | |||||
| CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
| CVE-2022-20243 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
| In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199986 | |||||
| CVE-2022-1524 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. | |||||
| CVE-2022-0988 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
| Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product. | |||||
| CVE-2022-0553 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 6.5 MEDIUM |
| There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. | |||||
| CVE-2022-0162 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 7.5 HIGH | 8.4 HIGH |
| The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. | |||||
| CVE-2022-0005 | 1 Intel | 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | |||||
| CVE-2021-4258 | 1 Whohas Project | 1 Whohas | 2024-11-21 | N/A | 3.7 LOW |
| A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack. | |||||
| CVE-2021-4161 | 1 Moxa | 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. | |||||
| CVE-2021-45894 | 1 Zauner | 1 Arc | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | |||||