Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2754 | 1 Cloudflare | 1 Warp | 2024-11-21 | 7.4 High |
| The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | ||||
| CVE-2023-28616 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.5 High |
| An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. | ||||
| CVE-2023-25848 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 5.3 Medium |
| ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | ||||
| CVE-2023-23915 | 4 Haxx, Netapp, Redhat and 1 more | 13 Curl, Active Iq Unified Manager, Clustered Data Ontap and 10 more | 2024-11-21 | 6.5 Medium |
| A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | ||||
| CVE-2023-23371 | 1 Qnap | 1 Qvpn | 2024-11-21 | 5.2 Medium |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | ||||
| CVE-2023-23130 | 1 Connectwise | 1 Automate | 2024-11-21 | 5.9 Medium |
| Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. | ||||
| CVE-2023-22870 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2024-11-21 | 5.9 Medium |
| IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121. | ||||
| CVE-2023-0001 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-11-21 | 6 Medium |
| An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2022-47892 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2024-11-21 | 5.3 Medium |
| All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | ||||
| CVE-2022-45877 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.3 High |
| OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | ||||
| CVE-2022-42916 | 5 Apple, Fedoraproject, Haxx and 2 more | 5 Macos, Fedora, Curl and 2 more | 2024-11-21 | 7.5 High |
| In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. | ||||
| CVE-2022-41327 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.6 High |
| A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands. | ||||
| CVE-2022-40693 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | 7.5 High |
| A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | ||||
| CVE-2022-3261 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 4.4 Medium |
| A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | ||||
| CVE-2022-38846 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 5.9 Medium |
| EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack. | ||||
| CVE-2022-36200 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2024-11-21 | 7.5 High |
| In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. | ||||
| CVE-2022-34804 | 1 Jenkins | 1 Opsgenie | 2024-11-21 | 4.3 Medium |
| Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. | ||||
| CVE-2022-34801 | 1 Jenkins | 1 Build Notifications | 2024-11-21 | 4.3 Medium |
| Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2022-33724 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | ||||
| CVE-2022-32245 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 8.2 High |
| SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. | ||||