Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10250 | 2 Microsoft, Ucweb | 2 Windows, Uc Browser | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks. | |||||
| CVE-2020-9526 | 1 Cs2-network | 1 P2p | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
| CVE-2020-5893 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2021-07-21 | 4.3 MEDIUM | 3.7 LOW |
| In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. | |||||
| CVE-2019-12813 | 1 Crossmatch | 2 Digital Persona U.are.u 4500, Digital Persona U.are.u 4500 Firmware | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt. | |||||
| CVE-2019-10734 | 1 Trojita Project | 1 Trojita | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. | |||||
| CVE-2020-14157 | 1 Abus | 2 Secvest Wireless Control Fube50001, Secvest Wireless Control Fube50001 Firmware | 2021-07-21 | 4.8 MEDIUM | 8.1 HIGH |
| The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. | |||||
| CVE-2019-18201 | 1 Fujitsu | 2 Lx390, Lx390 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords. | |||||
| CVE-2019-14959 | 1 Jetbrains | 1 Toolbox | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | |||||
| CVE-2020-11685 | 1 Jetbrains | 1 Goland | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | |||||
| CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | |||||
| CVE-2020-29005 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. | |||||
| CVE-2019-16274 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | |||||
| CVE-2019-19890 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. | |||||
| CVE-2019-17218 | 1 Vzug | 2 Combi-stream Mslq, Combi-stream Mslq Firmware | 2021-07-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service. | |||||
| CVE-2021-32612 | 1 I-doo | 1 Veryfitpro | 2021-07-12 | 4.3 MEDIUM | 8.1 HIGH |
| The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing. | |||||
| CVE-2021-22380 | 1 Huawei | 1 Emui | 2021-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality and availability. | |||||
| CVE-2021-23846 | 1 Bosch | 2 B426, B426 Firmware | 2021-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | |||||
| CVE-2019-19889 | 1 Humaxdigital | 2 Hgb10r-02, Hgb10r-02 Firmware | 2021-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf. | |||||
| CVE-2021-23018 | 1 F5 | 1 Nginx Controller | 2021-06-11 | 5.8 MEDIUM | 7.4 HIGH |
| Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. | |||||
| CVE-2021-33408 | 1 Abinitio | 1 Control\>center | 2021-06-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. | |||||