Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39086 | 1 Asus | 2 Rt-ac66u B1, Rt-ac66u B1 Firmware | 2023-08-14 | N/A | 7.5 HIGH |
| ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | |||||
| CVE-2023-2754 | 1 Cloudflare | 1 Warp | 2023-08-09 | N/A | 6.8 MEDIUM |
| The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | |||||
| CVE-2021-43270 | 1 Datalust | 1 Seq.app.emailplus | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended. | |||||
| CVE-2022-24978 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2023-08-08 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response. | |||||
| CVE-2021-1896 | 1 Qualcomm | 44 Aqt1000, Aqt1000 Firmware, Qca6164 and 41 more | 2023-08-08 | 3.3 LOW | 4.3 MEDIUM |
| Weak configuration in WLAN could cause forwarding of unencrypted packets from one client to another in Snapdragon Compute, Snapdragon Connectivity | |||||
| CVE-2021-40148 | 1 Mediatek | 53 L9, Lr11, Lr12 and 50 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. | |||||
| CVE-2021-31898 | 1 Jetbrains | 1 Webstorm | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS. | |||||
| CVE-2022-29945 | 1 Dji | 22 Air 2, Air 2 Firmware, Air 2s and 19 more | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol. | |||||
| CVE-2021-41849 | 3 Bluproducts, Luna, Wikomobile | 10 G9, G90, G90 Firmware and 7 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. | |||||
| CVE-2021-45081 | 1 Cobbler Project | 1 Cobbler | 2023-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS. | |||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2023-08-03 | N/A | 5.3 MEDIUM |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | |||||
| CVE-2022-28861 | 2 Axis, Citilog | 2 M1125, Citilog | 2023-07-28 | N/A | 5.9 MEDIUM |
| The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. These can be used for FTP access to the server. | |||||
| CVE-2023-34142 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2023-07-27 | N/A | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. | |||||
| CVE-2022-26077 | 1 Openautomationsoftware | 1 Oas Platform | 2023-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
| CVE-2023-31823 | 1 Marui | 1 Marui | 2023-07-25 | N/A | 7.5 HIGH |
| An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function. | |||||
| CVE-2023-30565 | 1 Bd | 1 Guardrails Cqi Reporter | 2023-07-25 | N/A | 3.5 LOW |
| An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. | |||||
| CVE-2022-0553 | 1 Zephyrproject | 1 Zephyr | 2023-07-21 | N/A | 4.6 MEDIUM |
| There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. | |||||
| CVE-2023-3272 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2023-07-19 | N/A | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. | |||||
| CVE-2022-45877 | 1 Openharmony | 1 Openharmony | 2023-07-07 | N/A | 5.3 MEDIUM |
| OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | |||||
| CVE-2023-21219 | 1 Google | 1 Android | 2023-07-06 | N/A | 7.5 HIGH |
| there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-264698379References: N/A | |||||