Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CVEs (881)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32934 1Throughtek 1Kalay P2p Software Development Kit Nov 21, 2024 May 19, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and...Show more The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.Show less
CVE-2020-4970 1Ibm 1Security Identity Manager Nov 21, 2024 May 19, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacke...Show more IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429.Show less
CVE-2022-30994 1Acronis 1Cyber Protect Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
CVE-2022-30993 1Acronis 1Cyber Protect Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
CVE-2022-0005 1Intel 458Celeron G5205u Firmware Celeron G5305u FirmwareCeleron G5900 Firmware+455 more May 5, 2025 May 12, 2022 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
CVE-2022-29945 1Dji 11Air 2 Firmware Air 2s FirmwareFhantom 4 Pro Firmware+8 more Nov 21, 2024 Apr 29, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
CVE-2021-40392 1Moxa 1Mxview Nov 21, 2024 Apr 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic t...Show more An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.Show less
CVE-2021-45104 1Wisc 1Htcondor Nov 21, 2024 Apr 6, 2022 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.
CVE-2022-24978 1Zohocorp 1Manageengine Adaudit Plus Nov 21, 2024 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.
CVE-2021-45894 1Zauner 1Arc Nov 21, 2024 Apr 5, 2022 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Cleartext Transmission of Sensitive Information.
CVE-2021-32982 1Automationdirect 20C0 10are D Firmware C0 10dd1e D FirmwareC0 10dd2e D Firmware+17 more Nov 21, 2024 Apr 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exc...Show more Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.Show less
CVE-2021-33022 1Philips 4Myvue SpeechVue Motion+1 more Nov 21, 2024 Apr 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2003-5002 1Ibm 1Iss Blackice Pc Protection Nov 20, 2024 Mar 28, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnera...Show more A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2022-0988 1Deltaww 1Diaenergie Nov 21, 2024 Mar 25, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between...Show more Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product.Show less
CVE-2021-27422 1Ge 19Multilin B30 Firmware Multilin B90 FirmwareMultilin C30 Firmware+16 more Nov 21, 2024 Mar 23, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.
CVE-2020-25178 3Rockwellautomation Schneider ElectricXylem 17Aadvance Controller Easergy C5 FirmwareEasergy T300 Firmware+14 more Nov 21, 2024 Mar 18, 2022 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Da...Show more ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.Show less
CVE-2021-41849 3Bluproducts LunaWikomobile 5G90 Firmware G9 FirmwareSimo Firmware+2 more Nov 21, 2024 Mar 11, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and d...Show more An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.Show less
CVE-2021-40846 1Tradingpaints 1Trading Paints Nov 21, 2024 Mar 4, 2022 N/A· v4 7.5 HIGH· v3 7.6 HIGH· v2 An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place...Show more An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings.Show less
CVE-2022-21798 1Ge 1Cimplicity Nov 21, 2024 Feb 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.
CVE-2021-45081 1Cobbler Project 1Cobbler Nov 21, 2024 Feb 20, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Cobbler through 3.3.1. Routines in several files use the HTTP protocol instead of the more secure HTTPS.

Previous 1...232425...45 Next