Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23105 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 6.5 Medium |
| Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. | ||||
| CVE-2022-22385 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | 5.9 Medium |
| IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962. | ||||
| CVE-2022-21951 | 1 Suse | 1 Rancher | 2024-11-21 | 6.8 Medium |
| A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. | ||||
| CVE-2022-21829 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.8 Critical |
| Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520. | ||||
| CVE-2022-20243 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199986 | ||||
| CVE-2022-0162 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 8.4 High |
| The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. | ||||
| CVE-2021-4161 | 1 Moxa | 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more | 2024-11-21 | 9.8 Critical |
| The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. | ||||
| CVE-2021-45894 | 1 Zauner | 1 Arc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information. | ||||
| CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | ||||
| CVE-2021-45104 | 1 Wisc | 1 Htcondor | 2024-11-21 | 7.4 High |
| An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. | ||||
| CVE-2021-45100 | 3 Ksmbd Project, Linux, Netapp | 18 Ksmbd, Linux Kernel, H300e and 15 more | 2024-11-21 | 7.5 High |
| The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption. | ||||
| CVE-2021-45081 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | ||||
| CVE-2021-44518 | 1 Digipas | 1 Egeetouch Manager | 2024-11-21 | 6.8 Medium |
| An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication. | ||||
| CVE-2021-44480 | 1 Wokkalokka | 2 Wokka Watch Q50, Wokka Watch Q50 Firmware | 2024-11-21 | 8.1 High |
| Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords. | ||||
| CVE-2021-43270 | 1 Datalust | 1 Seq.app.emailplus | 2024-11-21 | 7.5 High |
| Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended. | ||||
| CVE-2021-42948 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 3.7 Low |
| HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. | ||||
| CVE-2021-42699 | 1 Azeotech | 1 Daqfactory | 2024-11-21 | 5.7 Medium |
| The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account. | ||||
| CVE-2021-41849 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | ||||
| CVE-2021-41355 | 2 Microsoft, Redhat | 6 .net, Powershell, Powershell Core and 3 more | 2024-11-21 | 5.7 Medium |
| .NET Core and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2021-40847 | 1 Netgear | 22 R6400v2, R6400v2 Firmware, R6700 and 19 more | 2024-11-21 | 8.1 High |
| The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default. This daemon connects to Circle and NETGEAR to obtain version information and updates to the circled daemon and its filtering database. However, database updates from NETGEAR are unsigned and downloaded via cleartext HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to circled update requests with a crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code. This affects R6400v2 1.0.4.106, R6700 1.0.2.16, R6700v3 1.0.4.106, R6900 1.0.2.16, R6900P 1.3.2.134, R7000 1.0.11.123, R7000P 1.3.2.134, R7850 1.0.5.68, R7900 1.0.4.38, R8000 1.0.4.68, and RS400 1.5.0.68. | ||||