Total
770 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14486 | 1 Vibease | 2 Chat, Wireless Remote Vibrator | 2025-04-20 | N/A |
| The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. | ||||
| CVE-2017-3815 | 1 Cisco | 1 Telepresence Server Software | 2025-04-20 | N/A |
| An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616. | ||||
| CVE-2017-6432 | 1 Dahuasecurity | 2 Dhi-hcvr7216a-s3, Nvr Firmware | 2025-04-20 | N/A |
| An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. | ||||
| CVE-2017-6410 | 1 Kde | 2 Kdelibs, Kio | 2025-04-20 | N/A |
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | ||||
| CVE-2017-6341 | 1 Dahuasecurity | 4 Camera Firmware, Dhi-hcvr7216a-s3, Nvr Firmware and 1 more | 2025-04-20 | N/A |
| Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. | ||||
| CVE-2017-8850 | 1 Oneplus | 6 Oneplus 2, Oneplus 3, Oneplus 3t and 3 more | 2025-04-20 | N/A |
| An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). | ||||
| CVE-2017-7078 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions. | ||||
| CVE-2017-14009 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password. | ||||
| CVE-2017-7147 | 1 Apple | 2 Apple Support, Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time. | ||||
| CVE-2017-6370 | 1 Typo3 | 1 Typo3 | 2025-04-20 | N/A |
| TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | ||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2025-04-17 | 6.5 Medium |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | ||||
| CVE-2023-31300 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2025-04-17 | 7.5 High |
| An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. | ||||
| CVE-2020-4497 | 1 Ibm | 1 Spectrum Protect Plus | 2025-04-17 | 6.8 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. | ||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | 6.4 Medium |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | ||||
| CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2025-04-16 | 7.5 High |
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | ||||
| CVE-2020-25178 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2025-04-16 | 7.5 High |
| ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. | ||||
| CVE-2022-1524 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2025-04-16 | 7.4 High |
| LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. | ||||
| CVE-2022-2003 | 1 Automationdirect | 18 D0-06aa, D0-06aa Firmware, D0-06ar and 15 more | 2025-04-16 | 7.7 High |
| AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; | ||||
| CVE-2022-2485 | 1 Automationdirect | 20 Sio-mb04ads, Sio-mb04ads Firmware, Sio-mb04das and 17 more | 2025-04-16 | 9.6 Critical |
| Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | ||||
| CVE-2021-41835 | 1 Fresenius-kabi | 7 Agilia Connect, Agilia Partner Maintenance Software, Link\+ Agilia and 4 more | 2025-04-16 | 7.3 High |
| Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port TCP/80 to the encrypted service. | ||||