Total
533 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46382 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. | |||||
| CVE-2023-46380 | 1 Loytec | 6 Linx-212, Linx-212 Firmware, Liob-586 and 3 more | 2023-12-14 | N/A | 7.5 HIGH |
| LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. | |||||
| CVE-2023-42579 | 2 Google, Samsung | 2 Android, Samsung Keyboard | 2023-12-12 | N/A | 5.3 MEDIUM |
| Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack. | |||||
| CVE-2023-24547 | 1 Arista | 5 7130, 7130-16g3s, 7130-48g3s and 2 more | 2023-12-11 | N/A | 6.5 MEDIUM |
| On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | |||||
| CVE-2023-43503 | 1 Siemens | 1 Comos | 2023-12-10 | N/A | 7.5 HIGH |
| A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP. | |||||
| CVE-2023-41088 | 1 Dexma | 1 Dexgate | 2023-12-10 | N/A | 6.5 MEDIUM |
| The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application. | |||||
| CVE-2023-23371 | 1 Qnap | 1 Qvpn | 2023-12-10 | N/A | 4.4 MEDIUM |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | |||||
| CVE-2023-42147 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2023-12-10 | N/A | 7.5 HIGH |
| An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | |||||
| CVE-2023-36673 | 1 Avira | 1 Phantom Vpn | 2023-12-10 | N/A | 7.3 HIGH |
| An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN. | |||||
| CVE-2023-34142 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2023-12-10 | N/A | 7.5 HIGH |
| Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02. | |||||
| CVE-2023-4918 | 1 Redhat | 1 Keycloak | 2023-12-10 | N/A | 8.8 HIGH |
| A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment. | |||||
| CVE-2017-7252 | 1 Botan Project | 1 Botan | 2023-12-10 | N/A | 7.5 HIGH |
| bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | |||||
| CVE-2023-34972 | 1 Qnap | 2 Qts, Quts Hero | 2023-12-10 | N/A | 6.5 MEDIUM |
| A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later | |||||
| CVE-2022-47892 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | |||||
| CVE-2022-3261 | 1 Redhat | 1 Openstack Platform | 2023-12-10 | N/A | 7.5 HIGH |
| A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | |||||
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | |||||
| CVE-2023-38275 | 1 Ibm | 1 Cognos Dashboards On Cloud Pak For Data | 2023-12-10 | N/A | 7.5 HIGH |
| IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | |||||
| CVE-2023-45321 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2023-12-10 | N/A | 8.8 HIGH |
| The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol. | |||||
| CVE-2023-40729 | 1 Siemens | 1 Qms Automotive | 2023-12-10 | N/A | 7.4 HIGH |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information. | |||||
| CVE-2023-5100 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2023-12-10 | N/A | 6.5 MEDIUM |
| Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | |||||