Search
Total
156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18800 | 1 Rakuten | 1 Viber | 2020-08-24 | 4.3 MEDIUM | 8.8 HIGH |
| Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 20 bytes of udid in a binary format, which is located at offset 0x14 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS. | |||||
| CVE-2019-13498 | 1 Oneidentity | 1 Cloud Access Manager | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. | |||||
| CVE-2019-15626 | 1 Trendmicro | 1 Deep Security | 2020-08-24 | 4.3 MEDIUM | 7.5 HIGH |
| The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability. | |||||
| CVE-2019-1010260 | 1 Ktlint Project | 1 Ktlint | 2020-08-24 | 9.3 HIGH | 8.1 HIGH |
| Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261. | |||||
| CVE-2019-11220 | 1 Ilnkp2p Project | 1 Ilnkp2p | 2020-08-24 | 4.3 MEDIUM | 8.1 HIGH |
| An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | |||||
| CVE-2019-12388 | 1 Anviz | 1 Anviz Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. | |||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2020-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | |||||
| CVE-2020-12048 | 1 Baxter | 2 Phoenix X36, Phoenix X36 Firmware | 2020-07-16 | 5.0 MEDIUM | 7.5 HIGH |
| Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool. | |||||
| CVE-2020-12037 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. | |||||
| CVE-2020-12036 | 1 Baxter | 4 Prismaflex, Prismaflex Firmware, Prismax and 1 more | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device. | |||||
| CVE-2020-12008 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2020-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI. | |||||
| CVE-2020-10628 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2020-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | |||||
| CVE-2020-10624 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2020-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | |||||
| CVE-2020-2013 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted over cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All version of PAN-OS 8.0; | |||||
| CVE-2020-6997 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | |||||
| CVE-2020-7003 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | |||||
| CVE-2019-5107 | 1 Wago | 1 E\!cockpit | 2020-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. | |||||
| CVE-2019-9101 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. | |||||
| CVE-2020-5399 | 2 Cloudfoundry, Pivotal Software | 2 Credhub, Cloud Foundry Cf-deployment | 2020-02-27 | 5.8 MEDIUM | 7.4 HIGH |
| Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. | |||||
| CVE-2019-20061 | 1 Mfscripts | 1 Yetishare | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password. | |||||
| CVE-2020-7984 | 1 Solarwinds | 1 N-central | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | |||||
| CVE-2014-5380 | 1 Granding | 2 Grand Ma300, Grand Ma300 Firmware | 2020-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| Grand MA 300 allows retrieval of the access PIN from sniffed data. | |||||
| CVE-2019-19967 | 1 Upc | 2 Connect Box Eurodocsis, Connect Box Eurodocsis Firmware | 2020-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI. | |||||
| CVE-2019-9532 | 1 Cobham | 2 Explorer 710, Explorer 710 Firmware | 2019-10-17 | 2.1 LOW | 7.8 HIGH |
| The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. | |||||
| CVE-2019-10412 | 1 Jenkins | 1 Inedo Proget | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10435 | 1 Jenkins | 1 Sourcegear Vault | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2019-10434 | 1 Jenkins | 1 Ldap Email | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2018-8842 | 1 Philips | 1 E-alert Firmware | 2019-10-09 | 3.3 LOW | 8.8 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. | |||||
| CVE-2018-1600 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. | |||||
| CVE-2017-5259 | 1 Cambiumnetworks | 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. | |||||
| CVE-2017-16035 | 1 Hubspot | 1 Hubl-server | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation. | |||||
| CVE-2017-16040 | 1 Gfe-sass Project | 1 Gfe-sass | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-12310 | 1 Cisco | 1 Spark Hybrid Calendar Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593. | |||||
| CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 4.0 MEDIUM | 7.2 HIGH |
| Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | |||||
| CVE-2019-0231 | 1 Apache | 1 Mina | 2019-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA. | |||||
| CVE-2019-16924 | 1 Nuvending | 1 Nulock | 2019-10-04 | 3.3 LOW | 8.8 HIGH |
| The Nulock application 1.5.0 for mobile devices sends a cleartext password over Bluetooth, which allows remote attackers (after sniffing the network) to take control of the lock. | |||||
| CVE-2018-15752 | 1 Mensamax | 1 Mensamax | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authentication information between the application and the server. | |||||
| CVE-2018-1360 | 1 Fortinet | 1 Fortimanager | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | |||||
| CVE-2018-13140 | 3 Druide, Linux, Microsoft | 3 Antidote 9, Linux Kernel, Windows | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages. | |||||
| CVE-2018-12710 | 1 D-link | 2 Dir-601, Dir-601 Firmware | 2019-10-03 | 2.7 LOW | 8.0 HIGH |
| An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML. | |||||
| CVE-2018-11338 | 1 Intuit | 1 Lacerte | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable. | |||||
| CVE-2018-11050 | 1 Dell | 1 Emc Networker | 2019-10-03 | 3.3 LOW | 8.8 HIGH |
| Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user. | |||||
| CVE-2017-7133 | 1 Apple | 1 Iphone Os | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. | |||||
| CVE-2017-6432 | 1 Dahuasecurity | 2 Dhi-hcvr7216a-s3, Nvr Firmware | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. | |||||
| CVE-2018-18071 | 1 Mercedes-benz | 1 Mercedes Me | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. | |||||
| CVE-2018-7298 | 1 Eq-3 | 2 Homematic Central Control Unit Ccu2, Homematic Central Control Unit Ccu2 Firmware | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protection of the downloaded contents. An attacker with a privileged network position (which could be obtained via DNS spoofing of www.meine-homematic.de or other approaches) can exploit this issue in order to provide arbitrary malicious firmware updates to the CCU2. This can result in a full system compromise. | |||||
| CVE-2017-1694 | 1 Ibm | 1 Integration Bus | 2019-10-03 | 4.3 MEDIUM | 8.1 HIGH |
| IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | |||||
| CVE-2018-7960 | 1 Huawei | 2 Espace 7950, Espace 7950 Firmware | 2019-10-03 | 5.8 MEDIUM | 7.4 HIGH |
| There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak. | |||||
| CVE-2017-15290 | 1 Mirasys | 1 Video Management System | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality. | |||||