Total
639 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16924 | 1 Nuvending | 1 Nulock | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. | |||||
CVE-2019-16732 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | |||||
CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | |||||
CVE-2019-16568 | 1 Jenkins | 1 Sctmexecutor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. | |||||
CVE-2019-16545 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-16274 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | |||||
CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | |||||
CVE-2019-16063 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data. | |||||
CVE-2019-15911 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages. | |||||
CVE-2019-15635 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box. | |||||
CVE-2019-15626 | 1 Trendmicro | 1 Deep Security | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. | |||||
CVE-2019-15135 | 1 Omg | 1 Dds Security | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network. | |||||
CVE-2019-14959 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | |||||
CVE-2019-14954 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | |||||
CVE-2019-14942 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.9 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP. | |||||
CVE-2019-14808 | 1 Renpho | 1 Renpho | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials). | |||||
CVE-2019-14664 | 2 Enigmail, Fedoraproject | 2 Enigmail, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. | |||||
CVE-2019-14319 | 3 Apple, Google, Tiktok | 3 Iphone Os, Android, Tiktok | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. | |||||
CVE-2019-13498 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | |||||
CVE-2019-13394 | 1 Netgear | 2 Cg3700b, Cg3700b Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. |