Total
828 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6665 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
|
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.
|
|||||
| CVE-2017-7078 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.
|
|||||
| CVE-2017-17844 | 2 Debian, Enigmail | 2 Debian Linux, Enigmail | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue.
|
|||||
| CVE-2017-1232 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911.
|
|||||
| CVE-2017-1181 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 1.9 LOW | 7.0 HIGH |
|
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.
|
|||||
| CVE-2017-2412 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "iTunes Store" component. It allows man-in-the-middle attackers to modify the client-server data stream to iTunes sandbox web services by leveraging use of cleartext HTTP.
|
|||||
| CVE-2017-3815 | 1 Cisco | 1 Telepresence Server Software | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616.
|
|||||
| CVE-2017-6370 | 1 Typo3 | 1 Typo3 | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
|
|||||
| CVE-2017-1694 | 1 Ibm | 1 Integration Bus | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
|
IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.
|
|||||
| CVE-2017-15290 | 1 Mirasys | 1 Video Management System | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
|
|||||
| CVE-2017-8444 | 1 Elasticsearch | 1 Cloud Enterprise | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.
|
|||||
| CVE-2017-7147 | 1 Apple | 2 Apple Support, Iphone Os | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
|
|||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2025-04-17 | N/A | 6.5 MEDIUM |
|
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
|
|||||
| CVE-2023-31300 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2025-04-17 | N/A | 7.5 HIGH |
|
An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature.
|
|||||
| CVE-2025-43704 | 2025-04-17 | N/A | 4.7 MEDIUM | ||
|
Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.
|
|||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
|
Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access.
|
|||||
| CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | N/A | 8.8 HIGH |
|
When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.
|
|||||
| CVE-2023-1656 | 1 Forgerock | 1 Ldap Connector | 2025-04-14 | N/A | 7.5 HIGH |
|
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.
|
|||||
| CVE-2011-3022 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2025-27722 | 2025-04-09 | N/A | 5.9 MEDIUM | ||
|
Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
|
|||||
| CVE-2008-4390 | 1 Cisco | 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware | 2025-04-09 | 10.0 HIGH | 7.5 HIGH |
|
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
|
|||||
| CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2025-04-09 | 5.0 MEDIUM | 7.5 HIGH |
|
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
|
|||||
| CVE-2007-4786 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-09 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
|
|||||
| CVE-2008-3289 | 1 Storcentric | 1 Retrospect Backup Client | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
|
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
|
|||||
| CVE-2008-0374 | 1 Oki | 2 C5510mfp, C5510mfp Firmware | 2025-04-09 | 10.0 HIGH | 7.5 HIGH |
|
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
|
|||||
| CVE-2007-5626 | 1 Bacula | 1 Bacula | 2025-04-09 | 2.1 LOW | 5.5 MEDIUM |
|
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
|
|||||
| CVE-2025-3329 | 1 Consumer | 1 Comanda Mobile | 2025-04-08 | 1.8 LOW | 3.1 LOW |
|
A vulnerability classified as problematic has been found in Consumer Comanda Mobile up to 14.9.3.2/15.0.0.8. This affects an unknown part of the component Restaurant Order Handler. The manipulation of the argument Login/Password leads to cleartext transmission of sensitive information. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-26654 | 2025-04-08 | N/A | 6.8 MEDIUM | ||
|
SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.
|
|||||
| CVE-2005-3140 | 1 Procom | 2 Netforce 800, Netforce 800 Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.
|
|||||
| CVE-2004-1852 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2025-04-03 | 5.0 MEDIUM | N/A |
|
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
|
|||||
| CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
|
|||||
| CVE-2005-2069 | 2 Openldap, Padl | 3 Openldap, Nss Ldap, Pam Ldap | 2025-04-03 | 5.0 MEDIUM | N/A |
|
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
|
|||||
| CVE-2023-24440 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | N/A | 5.5 MEDIUM |
|
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
|
|||||
| CVE-2025-23060 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-03-28 | N/A | 6.6 MEDIUM |
|
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
|
|||||
| CVE-2024-44276 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-28 | N/A | 7.3 HIGH |
|
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information.
|
|||||
| CVE-2024-45361 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
|
A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.
|
|||||
| CVE-2022-47714 | 1 Lastyard | 1 Last Yard | 2025-03-27 | N/A | 9.8 CRITICAL |
|
Last Yard 22.09.8-1 does not enforce HSTS headers
|
|||||
| CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2025-03-25 | N/A | 7.5 HIGH |
|
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor.
|
|||||
| CVE-2025-2311 | 2025-03-21 | N/A | 9.0 CRITICAL | ||
|
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring.This issue affects SecHard: before 3.3.0.20220411.
|
|||||
| CVE-2025-25728 | 2025-03-19 | N/A | 6.5 MEDIUM | ||
|
Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to send communications to the update API in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack.
|
|||||