Vulnerabilities (CVE)

Filtered by CWE-319
Total 638 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33837 1 Ibm 1 Security Verify Governance 2024-09-19 N/A 7.5 HIGH
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
CVE-2023-27291 2024-09-19 N/A 4.5 MEDIUM
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.
CVE-2024-41927 1 Idec 182 Ft1a-b12ra, Ft1a-b12ra Firmware, Ft1a-b24ra and 179 more 2024-09-19 N/A 4.6 MEDIUM
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
CVE-2024-44105 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
CVE-2021-20335 1 Mongodb 1 Ops Manager 2024-09-17 4.1 MEDIUM 4.6 MEDIUM
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.
CVE-2021-20409 2 Ibm, Linux 2 Security Verify Information Queue, Linux Kernel 2024-09-16 5.0 MEDIUM 7.5 HIGH
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 196188.
CVE-2022-21951 1 Suse 1 Rancher 2024-09-16 3.6 LOW 6.8 MEDIUM
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
CVE-2024-45101 2024-09-14 N/A 6.8 MEDIUM
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
CVE-2024-8059 2024-09-14 N/A 4.3 MEDIUM
IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.
CVE-2024-38891 1 Horizoncloud 1 Caterease 2024-08-20 N/A 7.5 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
CVE-2023-28616 1 Stormshield 1 Stormshield Network Security 2024-08-20 N/A 7.5 HIGH
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
CVE-2024-38167 1 Microsoft 2 .net, Visual Studio 2022 2024-08-16 N/A 6.5 MEDIUM
.NET and Visual Studio Information Disclosure Vulnerability
CVE-2024-31799 1 Gncchome 2 Gncc C2, Gncc C2 Firmware 2024-08-16 N/A 4.6 MEDIUM
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.
CVE-2024-7408 1 Airveda 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware 2024-08-13 N/A 6.5 MEDIUM
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system.
CVE-2024-32864 1 Johnsoncontrols 1 Exacqvision Web Service 2024-08-09 N/A 8.1 HIGH
Under certain circumstances exacqVision Web Services will not enforce secure web communications (HTTPS)
CVE-2003-5002 1 Ibm 1 Iss Blackice Pc Protection 2024-08-08 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2024-35210 1 Siemens 1 Sinec Traffic Analyzer 2024-08-06 N/A 7.5 HIGH
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
CVE-2024-41687 1 Syrotech 2 Sy-gpon-1110-wdont, Sy-gpon-1110-wdont Firmware 2024-08-05 N/A 7.5 HIGH
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. A remote attacker could exploit this vulnerability by intercepting transmission within an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
CVE-2021-4258 1 Whohas Project 1 Whohas 2024-08-03 N/A 7.5 HIGH
A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.
CVE-2022-47560 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-08-03 N/A 6.5 MEDIUM
The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.