CWE-319
878 CVEs • Abstraction: Base • Likelihood of Exploit: High
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVEs (878)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. | | | | | |
| An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint im... | Crossmatch | Digital Persona U.are.u 4500 Firmware | Nov 21, 2024 | Jun 13, 2019 | v4: N/A; v3: 5.9 MEDIUM; v2: 4.3 MEDIUM |
| A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a pr... | Siemens | Simatic Mv420 Firmware, Simatic Mv440 Firmware | Nov 21, 2024 | Jun 12, 2019 | v4: N/A; v3: 5.3 MEDIUM; v2: 2.6 LOW |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keyst... | Logitech | R700 Laser Presentation Remote Firmware | Nov 21, 2024 | Jun 7, 2019 | v4: N/A; v3: 8.8 HIGH; v2: 8.3 HIGH |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's compute... | | | | | |
| Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer syst... | | | | | |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certif... | Ibm | Security Information Queue | Nov 21, 2024 | Jun 6, 2019 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | | | | | |
| OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. | Netapp | Oncommand Unified Manager | Nov 21, 2024 | May 10, 2019 | v4: N/A; v3: 7.5 HIGH; v2: 5.0 MEDIUM |
| On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, SNMP may expose sensitive configuration objects over insecure transmission channels. This issue is exposed when a passphrase is used with vari... | F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Analytics, +10 more | Nov 21, 2024 | May 3, 2019 | v4: N/A; v3: 5.3 MEDIUM; v2: 5.0 MEDIUM |
| An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows remote attackers to actively intercept user-to-device traffic in cleartext, including video streams and device credentials. | | | | | |
| Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entr... | Cloudfoundry | Cf Deployment, Credhub, Uaa Release | Nov 21, 2024 | Apr 25, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 5.0 MEDIUM |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin pa... | | | | | |
| Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user coul... | Pivotal Software | Application Service | Nov 21, 2024 | Apr 24, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 5.0 MEDIUM |
| Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which m... | Moxa | Eds 405a Firmware, Eds 408a Firmware, Eds 510a Firmware, +1 more | Nov 21, 2024 | Apr 15, 2019 | v4: N/A; v3: 9.8 CRITICAL; v2: 5.0 MEDIUM |
| In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or A... | Fedoraproject, Opensuse, Roundcube | Backports Sle, Fedora, Leap, +1 more | Nov 21, 2024 | Apr 7, 2019 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline c... | | | | | |
| In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline cha... | | | | | |
| In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline cha... | Debian, Kde | Debian Linux, Kmail | Nov 21, 2024 | Apr 7, 2019 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Henc... | | | | | |