Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15999 | 1 Nq | 1 Contacts Backup \& Restore | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. | |||||
| CVE-2017-1181 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 1.9 LOW | 7.0 HIGH |
| IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | |||||
| CVE-2017-14009 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password. | |||||
| CVE-2017-6410 | 1 Kde | 2 Kdelibs, Kio | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | |||||
| CVE-2017-9035 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | |||||
| CVE-2017-6341 | 1 Dahuasecurity | 4 Camera Firmware, Dhi-hcvr7216a-s3, Nvr Firmware and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. | |||||
| CVE-2017-6665 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
| A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1. | |||||
| CVE-2017-6432 | 1 Dahuasecurity | 2 Dhi-hcvr7216a-s3, Nvr Firmware | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. | |||||
| CVE-2017-7078 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions. | |||||
| CVE-2017-15042 | 1 Golang | 1 Go | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. | |||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2025-04-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||||
| CVE-2023-31300 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2025-04-17 | N/A | 7.5 HIGH |
| An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature. | |||||
| CVE-2025-43704 | 2025-04-17 | N/A | 4.7 MEDIUM | ||
| Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2025-04-16 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||||
| CVE-2022-22758 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | N/A | 8.8 HIGH |
| When clicking on a tel: link, USSD codes, specified after a <code>\*</code> character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2023-1656 | 1 Forgerock | 1 Ldap Connector | 2025-04-14 | N/A | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13. | |||||
| CVE-2011-3022 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| translate/translate_manager.cc in Google Chrome before 17.0.963.56 and 19.x before 19.0.1036.7 uses an HTTP session to exchange data for translation, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2025-27722 | 2025-04-09 | N/A | 5.9 MEDIUM | ||
| Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information. | |||||
| CVE-2008-0374 | 1 Oki | 2 C5510mfp, C5510mfp Firmware | 2025-04-09 | 10.0 HIGH | 7.5 HIGH |
| OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | |||||
| CVE-2008-4390 | 1 Cisco | 2 Linksys Wvc54gc, Linksys Wvc54gc Firmware | 2025-04-09 | 10.0 HIGH | 7.5 HIGH |
| The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network. | |||||