Total
615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14954 | 1 Jetbrains | 1 Intellij Idea | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | |||||
| CVE-2020-12638 | 1 Espressif | 3 Esp-idf, Esp8266 Nonos Sdk, Esp8266 Rtos Sdk | 2021-07-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. | |||||
| CVE-2020-9526 | 1 Cs2-network | 1 P2p | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
| CVE-2019-16067 | 1 Netsas | 1 Enigma Network Management Solution | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit. | |||||
| CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | |||||
| CVE-2019-16063 | 1 Netsas | 1 Enigma Network Management Solution | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data rendered within web pages. It is possible for an attacker to expose unencrypted sensitive data. | |||||
| CVE-2020-5885 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring. | |||||
| CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2021-07-21 | 3.3 LOW | 8.8 HIGH |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
| CVE-2019-17393 | 1 Tomedo | 1 Server | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password. | |||||
| CVE-2019-14959 | 1 Jetbrains | 1 Toolbox | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | |||||
| CVE-2019-10735 | 1 Claws-mail | 1 Mail | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2020-5899 | 1 F5 | 1 Nginx Controller | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code. | |||||
| CVE-2020-15482 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. | |||||
| CVE-2019-19316 | 1 Hashicorp | 1 Terraform | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | |||||
| CVE-2019-17356 | 1 Infinitestudio | 1 Infinite Design | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network. | |||||
| CVE-2020-29005 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | |||||
| CVE-2021-32612 | 1 I-doo | 1 Veryfitpro | 2021-07-12 | 4.3 MEDIUM | 8.1 HIGH |
| The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. | |||||
| CVE-2021-22380 | 1 Huawei | 1 Emui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | |||||
| CVE-2021-23846 | 1 Bosch | 2 B426, B426 Firmware | 2021-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | |||||
| CVE-2019-19889 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. | |||||